10341000x8000000000000000871666Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D3F-6196-F37E-000000000F02}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871665Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871664Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871663Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871662Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871661Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6C45-6192-0500-000000000F02}408524C:\Windows\system32\csrss.exe{068A336D-5D3F-6196-F37E-000000000F02}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871660Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.262{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D3F-6196-F37E-000000000F02}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871659Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.248{068A336D-5D3F-6196-F37E-000000000F02}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871658Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:43.200{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EE0186EDE9AF63AE228FC70B779D02B,SHA256=4F66611790EE63E6E07364BF634032EAC73A6A1E7B53CF024470F2B999EAAD2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.731{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009564484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:39.785{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-37804-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 10341000x80000000000000009564483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.715{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871667Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:44.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A388CCE4087D3190880F61FC222E9722,SHA256=0E6D4395BC0A044C4587A7972574E79B9D2A97D36ABD5DD78E9138900FE7A2D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.783{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009564520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.253{CBEA6AB7-6A01-6192-1100-000000000E02}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=631064EB1F65CBA601340D336E40899C,SHA256=6D711CBCF1F10B5FA330D0C18DB66A7792841B47E47F1AF61FD1631933E0F799,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.100{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C0503A0648238A1E482C3237D0DE2AF,SHA256=FFB665866D8E3BE0DE55FC2EE487BC8BC9B6D04BB609DD58EEF4BF5F22A6E0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:44.084{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19FC749D4261886E74EBADA126F0461C,SHA256=4007A2568460B59B893D00DDC5EAFDC39113D0C14AE6BAE3BD034A73FD0DD0B9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.866{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871677Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D41-6196-F47E-000000000F02}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871676Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871675Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871674Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6C45-6192-0500-000000000F02}408424C:\Windows\system32\csrss.exe{068A336D-5D41-6196-F47E-000000000F02}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871673Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871672Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871671Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.840{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D41-6196-F47E-000000000F02}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871670Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.826{068A336D-5D41-6196-F47E-000000000F02}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871669Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:45.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73369C6EF4CF6805CCF3E942848D5407,SHA256=E2F0B9E9C9CE371B48D0B5A2C2B5472A0E1B8E65CA89CEB7027A348DB93628D2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.851{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009564612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.267{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E8DF057251F8E501C7526198BFD7C91,SHA256=1D8342BB8E70D6AA256CA1ECD0F4BF59371BA2A8BCAC89A340E988541443D045,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:45.251{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0C3A245B87E6274FACC4AB4DCDE2D79,SHA256=759D37EEBC0D338E5C3378A9AD0A1FC73F49DE9DF1F30A76A770609D89526F88,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871668Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:58.652{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-59996-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 10341000x80000000000000009564795Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.935{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564794Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.934{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564793Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.934{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564792Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.933{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564791Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.933{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564790Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.933{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564789Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.933{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564788Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564787Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564786Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564785Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564784Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564783Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564782Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.932{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564781Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564780Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564779Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564778Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564777Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564776Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564775Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564774Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564773Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564772Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564771Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564770Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564769Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564768Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871689Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.637{068A336D-5D42-6196-F57E-000000000F02}39523024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871688Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D42-6196-F57E-000000000F02}3952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871687Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871686Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871685Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871684Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871683Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6C45-6192-0500-000000000F02}408524C:\Windows\system32\csrss.exe{068A336D-5D42-6196-F57E-000000000F02}3952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871682Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.418{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D42-6196-F57E-000000000F02}3952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871681Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.405{068A336D-5D42-6196-F57E-000000000F02}3952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871680Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A15B5AECB29C1198B268FF282FDCE422,SHA256=2F6ECAC619BA4483E3360D04628ABA77970C3D35568C9373A57EB1B139384EF0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564767Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564766Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564765Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564764Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564763Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564762Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564761Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564760Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564759Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564758Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564757Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564756Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564755Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564754Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564753Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564752Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564751Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564750Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564749Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564748Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564747Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564746Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564745Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564744Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564743Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564742Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564741Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564740Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564739Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564738Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564737Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564736Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564735Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564734Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564733Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564732Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564731Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564730Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564729Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564728Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564727Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564726Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564725Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.913{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009564705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:43.080{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50330-false10.0.1.12-8000- 23542300x80000000000000009564704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.414{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4868B81B9223F8BD70A065D80C2CB3D7,SHA256=AD2C19C93EA8462837E4E6207EE84E4E1E8B40D1F9666C987F9481E6CFC33C66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.398{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53F44E5E1A7E80668D598AA068F2E817,SHA256=71226293BD09B71ABAF5BF784533FF2D307570E292F393D4E31C58B177E093E9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871679Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:59.729{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55376-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000871678Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:46.106{068A336D-5D41-6196-F47E-000000000F02}36721308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871707Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.903{068A336D-5D43-6196-F77E-000000000F02}69925316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871706Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D43-6196-F77E-000000000F02}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871705Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6C45-6192-0500-000000000F02}4081012C:\Windows\system32\csrss.exe{068A336D-5D43-6196-F77E-000000000F02}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871704Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871703Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871702Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871701Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871700Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.637{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D43-6196-F77E-000000000F02}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871699Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.622{068A336D-5D43-6196-F77E-000000000F02}6992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871698Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47BBDD47CF066FE3211BA2BC4F08D65A,SHA256=800B7298C7528B657F4D7D97CFDB813863D0328EE40480CD49703C21984B63C4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564838Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564837Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564836Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564835Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564834Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564833Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564832Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564831Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564830Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564829Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564828Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564827Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564826Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564825Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564824Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564823Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564822Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564821Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564820Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564819Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564818Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564817Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564816Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564815Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564814Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564813Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564812Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564811Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564810Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564809Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564808Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564807Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564806Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564805Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564804Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564803Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564802Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564801Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564800Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564799Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009564798Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.667{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=34C0F24929BF2FA23CBA140F35D16A52,SHA256=9ED120C14E78E443D3B20BF85A331D89C6373D4C47AEE9C677C59C6FC5DD25CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564797Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.667{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05BE44EDD3318F37BA2DAAB272769D24,SHA256=2E7279EC5991FA5DB03007878BB85DC839934512E240D01AE522D5D94ADDDB32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564796Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.051{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4CEAAA4C7276A23ED1D516DE1E72675,SHA256=08F62B564AF29D08965A6070A8CE79A3D0AD8B1A11D910F903F5DBDFC019D350,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000871697Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.106{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D43-6196-F67E-000000000F02}6304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871696Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.090{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871695Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.090{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871694Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.090{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871693Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.090{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871692Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.090{068A336D-6C45-6192-0500-000000000F02}408424C:\Windows\system32\csrss.exe{068A336D-5D43-6196-F67E-000000000F02}6304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871691Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.090{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D43-6196-F67E-000000000F02}6304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871690Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:47.091{068A336D-5D43-6196-F67E-000000000F02}6304C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871708Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:48.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A3564A6CBE2EEBB961B76FD5D4FAA77,SHA256=B0C37F7263A2B8044E37FE56AAFE3C6F5CCC85BC0DD2FE3CBA8F2AEDBC989979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564890Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:48.681{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45D564EEFB7843923E66E91D212DEC35,SHA256=E32B939152DF72556C77A524062C4E173B7B5A38720454F94B76F1F31E06A284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564889Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:48.266{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C87A7A4CF01E3FD6B1D62A1B84B189EA,SHA256=1337F6AD8F4B22E6C41558FCAC7EBDE926CBA55B74160E1E82E05E9A2D260098,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564888Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564887Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564886Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564885Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564884Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564883Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564882Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564881Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564880Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564879Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564878Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564877Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564876Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564875Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564874Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564873Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564872Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564871Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564870Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564869Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564868Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564867Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.998{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564866Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564865Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564864Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564863Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564862Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564861Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564860Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564859Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564858Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564857Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564856Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564855Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564854Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564853Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564852Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564851Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564850Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564849Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564848Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564847Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564846Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564845Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564844Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564843Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564842Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564841Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564840Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564839Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.982{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871709Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:49.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F5EA581B4A31327877F9A9E609E4905,SHA256=BCD9E4AA2401CB845D1F7464476CAB69B49B1B99DB93B4D574AB1B4493AE036B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009564984Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:46.438{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-48002-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009564983Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.796{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=203C877F1D3605E0DD66A690A1659067,SHA256=304DFB99AFC890CF0769EA5852CB317FBC68F04EC6D48E652F29FC26DFF6447C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564982Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.612{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=003AC9283FF4ECF5720D8964BB63F9BD,SHA256=66D5B56318F14BFC9D7E67E591C9966EBCC55E5EAA906D252299BCF3E9AD095E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009564981Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.196{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27EDCA0FA1864D67CC207DE543F2BDFC,SHA256=4C30714CCF9D6AE6DBFA2516E828178AFE7360A6DACAA982DEDFAA74A41A2452,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009564980Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564979Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564978Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564977Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564976Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564975Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564974Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564973Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564972Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564971Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.065{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564970Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564969Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564968Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564967Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564966Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564965Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564964Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564963Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564962Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564961Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564960Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564959Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564958Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564957Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564956Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564955Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564954Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564953Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564952Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564951Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564950Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564949Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564948Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564947Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564946Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564945Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564944Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564943Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564942Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564941Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564940Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564939Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564938Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564937Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564936Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564935Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564934Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564933Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564932Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564931Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564930Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564929Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564928Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564927Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564926Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564925Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564924Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564923Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564922Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564921Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564920Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564919Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564918Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564917Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564916Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564915Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564914Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564913Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564912Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564911Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564910Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564909Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564908Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564907Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564906Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564905Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564904Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564903Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564902Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564901Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564900Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564899Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564898Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564897Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564896Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564895Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564894Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564893Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564892Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564891Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.050{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871710Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:50.231{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB6B2783C00C34219139FAA7DEFB09D0,SHA256=D72051646E053CD6ADB36C4AAAE1E09BECDAF18A8CAA1A8AA5EBA2C4D0B990F7,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009565077Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:47.078{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-33010-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009565076Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.810{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DAA97A78CC1F39BADE7388E00C5A055,SHA256=733272FEDA9A5488725A9A7FB4F0A73149D8EA280085FB6FB18467000D8A0F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565075Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.164{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22B53E00E04964CD5BBF1A354B38E67E,SHA256=675F6FA23A7DA9F45F1DD2B599D0DE64BD31A78F5FEAE73EAAFE3E3F39062082,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565074Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.130{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565073Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.128{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565072Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.128{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565071Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.128{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565070Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.128{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565069Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.128{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565068Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.128{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565067Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.127{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565066Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.127{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565065Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.127{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565064Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.127{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565063Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.127{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565062Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.127{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565061Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565060Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565059Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565058Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565057Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565056Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565055Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565054Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565053Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565052Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565051Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565050Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565049Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565048Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565047Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565046Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565045Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565044Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565043Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565042Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565041Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565040Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565039Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565038Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565037Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565036Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565035Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565034Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565033Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565032Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565031Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565030Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565029Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565028Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565027Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565026Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565025Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565024Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565023Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565022Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565021Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565020Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565019Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565018Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565017Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565016Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565015Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565014Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565013Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565012Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565011Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565010Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565009Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565008Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565007Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565006Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565005Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565004Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565003Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565002Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565001Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565000Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564999Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564998Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564997Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564996Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564995Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564994Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564993Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564992Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564991Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564990Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564989Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564988Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564987Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564986Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009564985Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:50.111{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871712Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:51.329{068A336D-6C47-6192-1B00-000000000F02}1952NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0888b3dfc16cad471\channels\health\respondent-20211115141851-4197MD5=7D5F4D75B6205BAE0B0CD245353355AE,SHA256=FF29CB026251AB2F621324A386EBB740C0EEF4A7746CD7FA9FAF12CBD8E709CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871711Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:51.247{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C152F4D6B2BC96DE0BC8ACB6D3F0A575,SHA256=05862449AD39D9E4BDBB46AF84E948886AAC54856BABDE1B11A2B49885F31FF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565170Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.832{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEE1CEBC7A0212EFAAEF63675D40C337,SHA256=33C77CA8BFF2892B7237AC407EBBB477C4C574E785B04BF76DD21BDA2DD53A96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565169Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.279{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADB4E130BC1BB16C8591C77E09B5C644,SHA256=40B05DAD666CB9A06E8C0EB998089D408CD609C5209F49A027EA0B66738C3D02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565168Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565167Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565166Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565165Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565164Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565163Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565162Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.194{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565161Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565160Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565159Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565158Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565157Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565156Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565155Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565154Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565153Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565152Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565151Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565150Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565149Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565148Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565147Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565146Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565145Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565144Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565143Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565142Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565141Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565140Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565139Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565138Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565137Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565136Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565135Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565134Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565133Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565132Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565131Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565130Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565129Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565128Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565127Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565126Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565125Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565124Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565123Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565122Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565121Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565120Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565119Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565118Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565117Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565116Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565115Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.179{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565114Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565113Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565112Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565111Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565110Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565109Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565108Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565107Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565106Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565105Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565104Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565103Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565102Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565101Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565100Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565099Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565098Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565097Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565096Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565095Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565094Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565093Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565092Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565091Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565090Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565089Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565088Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565087Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565086Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565085Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565084Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565083Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565082Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565081Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565080Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565079Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.163{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565078Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:51.026{CBEA6AB7-6A01-6192-0D00-000000000E02}9048272C:\Windows\system32\svchost.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.864{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22BA25DACCC69102916E6B17EC60B3D5,SHA256=D286DDD7A94826FE030FAB6AC6280B23F7DFB4AA3C3417458817BFBDFF167CFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565426Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.495{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16E835FC66A0BEE14B1A7964199A8A1C,SHA256=94CBB904F86639D3CF21A61797E543B8355FE86847D9723D4C5BA24740537DCA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565425Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565424Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565423Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565422Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565421Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565420Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565419Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565418Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565417Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565416Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565415Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565414Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565413Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565412Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565411Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.310{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565410Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565409Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565408Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565407Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565406Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565405Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565404Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565403Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565402Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565401Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565400Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565399Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565398Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565397Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565396Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565395Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565394Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565393Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565392Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565391Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565390Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565389Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565388Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871717Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:52.337{068A336D-6C47-6192-1B00-000000000F02}1952NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0888b3dfc16cad471\channels\health\surveyor-20211115141847-4198MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871716Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:06.185{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-45190-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 354300x8000000000000000871715Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:05.856{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-47626-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 354300x8000000000000000871714Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:04.744{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55377-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000871713Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:52.274{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3AB18DD67288A77B65BBB756CE23B5C,SHA256=4705C0087FE8C489DEE4A57C5B0C7722B945742F07B8C63AFCE8AAAB18D5A673,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565387Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565386Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565385Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565384Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565383Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565382Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565381Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565380Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565379Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565378Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565377Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565376Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565375Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565374Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565373Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565372Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565371Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565370Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565369Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565368Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565367Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565366Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565365Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.298{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565364Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565363Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565362Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565361Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565360Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565359Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565358Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565357Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565356Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565355Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565354Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565353Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565352Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565351Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565350Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565349Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565348Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565347Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565346Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565345Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565344Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565343Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565342Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565341Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565340Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565339Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565338Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565337Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565336Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565335Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565334Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565333Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565332Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565331Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565330Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565329Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565328Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565327Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565326Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565325Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565324Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565323Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565322Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565321Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565320Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565319Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565318Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565317Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565316Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565315Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565314Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565313Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565312Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565311Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565310Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565309Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565308Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565307Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565306Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565305Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565304Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565303Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565302Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565301Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565300Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565299Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565298Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565297Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565296Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565295Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565294Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565293Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565292Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565291Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565290Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.279{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565289Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565288Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565287Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565286Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565285Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565284Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565283Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565282Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565281Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565280Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565279Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565278Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565277Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565276Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565275Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565274Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565273Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565272Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565271Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565270Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565269Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565268Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565267Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565266Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565265Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565264Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565263Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565262Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565261Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565260Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565259Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565258Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565257Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565256Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565255Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565254Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565253Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565252Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565251Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565250Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565249Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565248Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565247Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565246Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565245Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565244Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565243Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565242Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565241Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565240Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565239Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565238Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565237Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565236Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565235Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565234Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565233Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565232Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565231Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565230Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565229Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565228Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565227Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565226Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565225Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565224Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565223Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565222Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.263{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565221Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565220Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565219Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565218Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565217Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565216Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565215Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565214Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565213Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565212Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565211Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565210Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565209Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565208Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565207Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565206Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565205Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565204Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565203Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565202Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565201Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565200Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565199Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565198Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565197Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565196Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565195Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565194Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565193Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565192Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565191Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565190Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565189Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565188Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565187Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565186Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565185Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565184Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565183Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565182Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565181Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565180Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565179Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565178Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565177Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565176Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565175Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565174Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565173Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565172Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.247{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565171Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.129{CBEA6AB7-70F1-6192-4305-000000000E02}6104ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mm8x5u6x.default-release\datareporting\glean\db\data.safe.binMD5=6039DEFE68D7644889724ADA73027C19,SHA256=68AB4FB91E3895293B328C5C7B9F6C067D26F34070F5A4E59F230C80231E9EB9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000009565522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.962{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mm8x5u6x.default-release\SiteSecurityServiceState.txt2021-11-15 14:43:45.297 23542300x80000000000000009565521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.962{CBEA6AB7-70F1-6192-4305-000000000E02}6104ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mm8x5u6x.default-release\SiteSecurityServiceState.txtMD5=38AFA933C0C9F3F2184ED30BA119F6F7,SHA256=3AFE8587AE10C35AB311C7662621C947CC824375C15A21D701F3E2AC7D6C4556,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.428{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08B038F14B46A35EAE1A3BB18B3C86EC,SHA256=E511C586F7EAAB6CB2C0F913891C7A30FE695A5B1E623815B0EDBEE3CA232FAF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.379{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.363{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:53.148{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A2227143EE4EF298C3FE2642F468754,SHA256=7DDABBE6DE23FB0221BFA24AEA38DFD0845E97629F84B7BC98074C57B71F1A5D,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009565428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.013{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50331-false10.0.1.12-8000- 23542300x8000000000000000871718Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:53.276{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2D21C0462A50BB4383178675414CA61,SHA256=27DB51E398597EB358D562977987651DBAFEE2492A9620538480CE767719381E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.647{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB13ED03D0A4E0FCDCD8F0C561118F2F,SHA256=658F2C17D092955EB271F8373022F6FB1B6D9E819486206AD5EF2003C7576CF4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.462{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871719Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:54.292{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E0CB067FA4BE40B3D0ED255AAD65268,SHA256=8CC0B4C3A669C16AFDD3F8CAD4A9AA15A839420C805BE07A86F347AD9B4AE9AA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.446{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009565524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:49.984{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-60318-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009565523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.047{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DFF2674438A6FF87E36DDDF898AD4E4,SHA256=9D28A334A17A5435DA58BB9BD041DA37177923974888B77343F856C9F88F545D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871720Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:55.297{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBE4D0B265CED2F494200DF67F3C030F,SHA256=F39CAF9B76F48125ED61DCCD9E7F4A3421732027FD6FFCB6FB3740AEF0F386A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.648{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDF4A6387717C26B4FF6254D910FE435,SHA256=4EFB2FD2A5378B7531ADA3C4B48949219C12016CB02D88DBDD51A6A997260824,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.510{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.495{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:55.009{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C9DC5CC15FFD017F1CE6C2FCDA7AC26,SHA256=04E1DC3481DA4346D2898A3725D95ED9CDD919D5B453FBAC87DEF7C72F5C3C76,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871722Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:10.561{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55378-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000871721Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:56.297{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDD60276611447A0C685F4E208A71553,SHA256=2FB28FE31AB19D1FEDA1B00CA8E211C62B4ECDFD3215FAFC622300950BFC8112,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009565801Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:52.951{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com38471-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009565800Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.862{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E1A8C8788E3DDCA27ED6450CA8DDCFB,SHA256=C9E64C06337D9D46B739FEB2B5C490AF981F1C52D025BF71A570D7388757FBBC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565799Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565798Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565797Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565796Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565795Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565794Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565793Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565792Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565791Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565790Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565789Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565788Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565787Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565786Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565785Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.578{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565784Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565783Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565782Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565781Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565780Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565779Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565778Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565777Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565776Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565775Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565774Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565773Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565772Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565771Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565770Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565769Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565768Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565767Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565766Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565765Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565764Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565763Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565762Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565761Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565760Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565759Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565758Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565757Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565756Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565755Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565754Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565753Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565752Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565751Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565750Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565749Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565748Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565747Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565746Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565745Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565744Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565743Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565742Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565741Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565740Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565739Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565738Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565737Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565736Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565735Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565734Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565733Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565732Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565731Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565730Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565729Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565728Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565727Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565726Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565725Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.563{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.047{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD6F29B374F4BCB35FA80065FC8E7E34,SHA256=6522373CC3B57AA898790C0A1F42B178612F4ADB16DC5856CAC5714871946A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:56.010{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=147C77D9A9B5AAA9B09C8F8E569533C7,SHA256=280D331FC29C939CF322A975DCCD28D63B4CD9E25A7316E0239A497535C1CB3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871723Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:57.297{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6356DB1AEC04F26E4B3D4EFB8E2066C,SHA256=FA35D924C6B820853604E3FA6C6D3F8576D61F5D9847C07951237FC91D878979,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009565893Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:54.028{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50332-false10.0.1.12-8000- 10341000x80000000000000009565892Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.678{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565891Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.678{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565890Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.662{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565889Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.662{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565888Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.662{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565887Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.662{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565886Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565885Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565884Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565883Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565882Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565881Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565880Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565879Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565878Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565877Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565876Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565875Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565874Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565873Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565872Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565871Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565870Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565869Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.646{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565868Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565867Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565866Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565865Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565864Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565863Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565862Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565861Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565860Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565859Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565858Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565857Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565856Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565855Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565854Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565853Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565852Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565851Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565850Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565849Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565848Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565847Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565846Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565845Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565844Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565843Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565842Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565841Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565840Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565839Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565838Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565837Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565836Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565835Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565834Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565833Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565832Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565831Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565830Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565829Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565828Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565827Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565826Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565825Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565824Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565823Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.631{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565822Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.630{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565821Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.630{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565820Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.630{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565819Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.630{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565818Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.629{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565817Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.629{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565816Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.629{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565815Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.629{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565814Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.629{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565813Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.629{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565812Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565811Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565810Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565809Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565808Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565807Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565806Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565805Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.628{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565804Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.627{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565803Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.627{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565802Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:57.062{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=639FF0FD408F82250765A9CC12B650E7,SHA256=F9D8126C8AE5D4A191A462468B36CA233547649E3222178EABBD3DD1794EAB54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871724Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:58.297{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F88E6F6F582231D1A0BC88A3018E88C,SHA256=4B4B05F8A93BA983F825D3C38D48D8756DFBA5417613F36F470023E24F62AFDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565986Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.830{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B055766BD57C091EC8C9050C443EF08,SHA256=0D1469359D7E2FEF7CAD9AB6FA3CC4BB21940E985A804595714DAA68F222B454,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009565985Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565984Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565983Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565982Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565981Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565980Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565979Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565978Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565977Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565976Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565975Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565974Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565973Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565972Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565971Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565970Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565969Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565968Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565967Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565966Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.777{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565965Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565964Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565963Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565962Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565961Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565960Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565959Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565958Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565957Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565956Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565955Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565954Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565953Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565952Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565951Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565950Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565949Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565948Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565947Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565946Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565945Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565944Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565943Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565942Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565941Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565940Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565939Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565938Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565937Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565936Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565935Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565934Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565933Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565932Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565931Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565930Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565929Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565928Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565927Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565926Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565925Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565924Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565923Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565922Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565921Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565920Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565919Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565918Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565917Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565916Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565915Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565914Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565913Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565912Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565911Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565910Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565909Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565908Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565907Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565906Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565905Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565904Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565903Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565902Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565901Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565900Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565899Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565898Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565897Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565896Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.761{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565895Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.193{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C8AADDA9EF1164C0C097FD8C9151E51,SHA256=A639DCE238AD16DF46CCD22482A0483AC0D522A3962337D4A6377AEA1BB96151,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009565894Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:58.177{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=388677476C4D5E57D77B590BF11AE90B,SHA256=B47A7811D73A7AE1F256A0FE802B921A4B466ACAD405958C2779557E7B09EF76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871725Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:03:59.297{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25BD8A74C087B2D2DA69BBE4BB28D66C,SHA256=10124BCC08387E006939352F949481010637ADC6FE8A9C77942D21B788C3ECBA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566077Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566076Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566075Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566074Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566073Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566072Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566071Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566070Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566069Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566068Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566067Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566066Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566065Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566064Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566063Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566062Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566061Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566060Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566059Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566058Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566057Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566056Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566055Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.861{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566054Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566053Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566052Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566051Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566050Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566049Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566048Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566047Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566046Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566045Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566044Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566043Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566042Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566041Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566040Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566039Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566038Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566037Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566036Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566035Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566034Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566033Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566032Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566031Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566030Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566029Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566028Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566027Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566026Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566025Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566024Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566023Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566022Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566021Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566020Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566019Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566018Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566017Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566016Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566015Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566014Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566013Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566012Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566011Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566010Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566009Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566008Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566007Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566006Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566005Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566004Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566003Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566002Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566001Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566000Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565999Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565998Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565997Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565996Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565995Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565994Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565993Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565992Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565991Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565990Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565989Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009565988Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.845{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009565987Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.192{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE1809C3E0B4F2D735C0B1315E805CDA,SHA256=7CEB6F85D2BC39A7BD1BBB21137F173E931BD793FE059F9AEA7C355D705CAC93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871726Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:00.297{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94ED49EE548B9E358753617A2156FA01,SHA256=8C2AB67D7ED35B6BB526A6A01541E080F76FD641CA09EB5662D35E10D5C8AED0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566194Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566193Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566192Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566191Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566190Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566189Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566188Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566187Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566186Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.931{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566185Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566184Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566183Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566182Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566181Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566180Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566179Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.930{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566178Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566177Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566176Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566175Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566174Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566173Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566172Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.929{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566171Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.928{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566170Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.928{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566169Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.928{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566168Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.928{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566167Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.928{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566166Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.928{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566165Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566164Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566163Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566162Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566161Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566160Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566159Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566158Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566157Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566156Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566155Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566154Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566153Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566152Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566151Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566150Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566149Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566148Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566147Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566146Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566145Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566144Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566143Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566142Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566141Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566140Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566139Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566138Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566137Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566136Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566135Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566134Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566133Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566132Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566131Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566130Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566129Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566128Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566127Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566126Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566125Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566124Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566123Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566122Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566121Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566120Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566119Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566118Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566117Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566116Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566115Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566114Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566113Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566112Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566111Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566110Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566109Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566108Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566107Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566106Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566105Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566104Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566103Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566102Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566101Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566100Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.909{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566099Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.878{CBEA6AB7-6F15-6192-E504-000000000E02}46204348C:\Windows\Explorer.EXE{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a50|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF8037A4EFD08)|UNKNOWN(FFFFB2CDE74A5B48)|UNKNOWN(FFFFB2CDE74A5CC7)|UNKNOWN(FFFFB2CDE74A0351)|UNKNOWN(FFFFB2CDE74A1D1A)|UNKNOWN(FFFFB2CDE749FFD6)|UNKNOWN(FFFFF8037A208103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+592ab|C:\Windows\System32\SHELL32.dll+dac6a|C:\Windows\System32\SHCORE.dll+33fad 10341000x80000000000000009566098Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.878{CBEA6AB7-6F15-6192-E504-000000000E02}46204348C:\Windows\Explorer.EXE{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+55531|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF8037A4EFD08)|UNKNOWN(FFFFB2CDE74A5B48)|UNKNOWN(FFFFB2CDE74A5CC7)|UNKNOWN(FFFFB2CDE74A0351)|UNKNOWN(FFFFB2CDE74A1D1A)|UNKNOWN(FFFFB2CDE749FFD6)|UNKNOWN(FFFFF8037A208103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+592ab|C:\Windows\System32\SHELL32.dll+dac6a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009566097Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.878{CBEA6AB7-70F1-6192-4305-000000000E02}6104ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RFf6e7a82.TMPMD5=F20644104B78BBA493E005BEA6974AA1,SHA256=58A0C1017F7A57FB4ECCC4719818C6D81FC0438EB9A722F1A19C9D041C31A377,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566096Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566095Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-69FF-6192-0500-000000000E02}408524C:\Windows\system32\csrss.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566094Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566093Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566092Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566091Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566090Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.778{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566089Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.763{CBEA6AB7-5D50-6196-517D-000000000E02}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009566088Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.332{CBEA6AB7-5D50-6196-507D-000000000E02}32288928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009566087Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.247{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32F59CDF14F0C1D2FB5B6A9F2202E991,SHA256=9A0E0DA88793788AFA91D558B02995A77F82E0054C82528F2C01EAB6CE2BB56E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566086Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.107{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F38ADFDF39CAAEF5E9BE5F9774DAD7D1,SHA256=D4B62AAF02E4DF5EFEC948C4C61A158F202ECF24810A75D0842D514CEF451920,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566085Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D50-6196-507D-000000000E02}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566084Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566083Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566082Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566081Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566080Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-69FF-6192-0500-000000000E02}408524C:\Windows\system32\csrss.exe{CBEA6AB7-5D50-6196-507D-000000000E02}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566079Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.092{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D50-6196-507D-000000000E02}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566078Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:00.062{CBEA6AB7-5D50-6196-507D-000000000E02}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000009566300Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.979{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566299Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.979{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566298Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.979{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566297Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.979{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566296Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566295Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566294Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566293Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566292Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566291Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566290Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566289Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566288Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566287Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566286Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566285Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566284Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566283Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566282Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566281Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566280Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566279Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566278Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566277Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566276Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566275Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566274Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566273Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566272Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566271Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566270Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566269Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566268Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566267Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566266Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566265Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566264Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566263Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566262Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566261Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566260Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566259Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566258Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566257Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566256Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871727Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:01.328{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AF2781606157C49190A564AB1B8FEAC,SHA256=E7E660581C3EB30C7968B2E2FEFDE5380E4102C6A96DF9B1EF1AAB3AEB91B930,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566255Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566254Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566253Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566252Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566251Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566250Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566249Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566248Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566247Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566246Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566245Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566244Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566243Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566242Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566241Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566240Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566239Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566238Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566237Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566236Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566235Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566234Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566233Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566232Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566231Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566230Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566229Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566228Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566227Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566226Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566225Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566224Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566223Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566222Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566221Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566220Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566219Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566218Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566217Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566216Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566215Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566214Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566213Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566212Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566211Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.963{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566210Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.863{CBEA6AB7-6A01-6192-0D00-000000000E02}9048272C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566209Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.863{CBEA6AB7-6A01-6192-0D00-000000000E02}9048272C:\Windows\system32\svchost.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566208Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.863{CBEA6AB7-6A01-6192-0D00-000000000E02}9048272C:\Windows\system32\svchost.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566207Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.610{CBEA6AB7-5D51-6196-527D-000000000E02}83241224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009566206Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.409{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4266A9B44E1282C52E791E6D19C0DBE,SHA256=738D23A7ABDA37B246EE78DCA6474A7C7AC5D2A00A77198531041CA997365D21,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566205Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D51-6196-527D-000000000E02}8324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566204Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566203Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566202Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566201Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566200Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-69FF-6192-0500-000000000E02}408492C:\Windows\system32\csrss.exe{CBEA6AB7-5D51-6196-527D-000000000E02}8324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566199Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.393{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D51-6196-527D-000000000E02}8324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566198Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.381{CBEA6AB7-5D51-6196-527D-000000000E02}8324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000009566197Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.378{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2209DFC85B59820A3D803D39A805F4F2,SHA256=A188C4959DB545EFCE0F4434ED59EFB81F206E6C9821151A499498E62C8A284A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566196Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.378{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA329E5EDD5AA247127274443E175D35,SHA256=941F1C4F44E627C765AA17C9F9F1BBA24FA75784D190B3AD3C2800270BCEE734,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566195Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.378{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F43216A6DAF0BB05D0CF6CC56C70FDE3,SHA256=DD9BBF79B7BD3BBA6747C36F6799B5BB677B7CD3797F02A843AE2B7541B9CD41,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871729Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:15.765{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55379-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000871728Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:02.328{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D744363B1006DF39A7BBDA66BE1C0808,SHA256=557ED60B1A145F30321992A189E628CE77258E54CD17584C103D0CA387EF376E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566319Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D52-6196-547D-000000000E02}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566318Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566317Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566316Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566315Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566314Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-69FF-6192-0500-000000000E02}408524C:\Windows\system32\csrss.exe{CBEA6AB7-5D52-6196-547D-000000000E02}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566313Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.662{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D52-6196-547D-000000000E02}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566312Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.650{CBEA6AB7-5D52-6196-547D-000000000E02}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000009566311Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.647{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E362199031E5C2EC3AA709E2898D2E09,SHA256=53E263A34CAD30E64CBC97587D1B5CF8E1DE9A50D49BA74AF9F3F8BD4672D3E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566310Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.378{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2209DFC85B59820A3D803D39A805F4F2,SHA256=A188C4959DB545EFCE0F4434ED59EFB81F206E6C9821151A499498E62C8A284A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566309Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.048{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D52-6196-537D-000000000E02}8372C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566308Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-69FF-6192-0500-000000000E02}408424C:\Windows\system32\csrss.exe{CBEA6AB7-5D52-6196-537D-000000000E02}8372C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566307Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566306Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566305Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566304Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566303Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D52-6196-537D-000000000E02}8372C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566302Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.029{CBEA6AB7-5D52-6196-537D-000000000E02}8372C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000009566301Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:02.032{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72DDADE870104674AF3BD11A1619B79C,SHA256=71240257B6D07B035E16FC0128C278AE62B3F4DE7C9FC90ADDB42F4A3A24B5E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871731Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:17.585{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-45290-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x8000000000000000871730Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:03.344{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFA689CF3664F89C643407A636A067B3,SHA256=48B23392EE0902A9EF088D79BAD930BB4CEBB2E5D08B15D967DBA95494FABAC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.962{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.962{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.946{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.946{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.946{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.946{CBEA6AB7-69FF-6192-0500-000000000E02}408424C:\Windows\system32\csrss.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.946{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.947{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000009566586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.647{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0D1858E4008301B339C15427C4D0ADE,SHA256=219C4492E3176E040A7FAE4972B4183713397C2209B3DE9D3AB4DC8C17CB9BE3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.478{CBEA6AB7-5D53-6196-557D-000000000E02}79928136C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009566584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.447{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D30A2DE9520BE1899A9079629B16461B,SHA256=1AA8A7A8E55199D7106D0CBB1319DE46E9F14656D4774EA106CFD6C9300721E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.294{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE211ABCE8BB4939BF5B597C00BC2A0E,SHA256=56230D1615B82CD3FE1A2E73294003A7E513FA7E2D542EF4FAB460C2DFE160A5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-6A9A-6192-B000-000000000E02}1056764C:\Windows\system32\conhost.exe{CBEA6AB7-5D53-6196-557D-000000000E02}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-69FF-6192-0500-000000000E02}408424C:\Windows\system32\csrss.exe{CBEA6AB7-5D53-6196-557D-000000000E02}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009566576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.279{CBEA6AB7-6A9A-6192-AC00-000000000E02}29243444C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CBEA6AB7-5D53-6196-557D-000000000E02}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009566575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.269{CBEA6AB7-5D53-6196-557D-000000000E02}7992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CBEA6AB7-69FF-6192-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000009566574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:03:59.143{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50333-false10.0.1.12-8000- 10341000x80000000000000009566573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.063{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.047{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566426Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566425Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566424Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566423Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566422Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566421Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566420Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566419Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566418Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566417Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566416Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566415Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566414Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566413Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566412Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566411Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566410Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566409Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566408Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566407Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566406Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566405Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566404Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566403Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566402Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566401Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566400Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566399Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566398Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566397Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566396Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566395Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566394Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566393Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566392Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566391Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566390Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566389Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566388Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566387Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566386Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566385Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566384Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566383Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566382Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566381Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566380Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566379Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566378Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566377Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566376Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566375Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566374Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566373Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566372Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566371Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566370Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566369Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566368Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566367Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566366Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566365Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566364Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566363Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566362Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566361Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566360Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566359Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566358Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566357Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566356Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566355Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566354Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566353Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566352Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566351Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566350Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566349Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566348Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566347Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566346Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566345Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566344Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566343Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566342Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566341Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566340Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.032{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566339Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.031{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566338Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.031{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566337Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.031{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566336Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.031{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566335Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.031{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566334Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.030{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566333Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.030{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566332Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.030{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566331Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.030{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566330Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.030{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566329Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.030{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566328Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566327Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566326Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566325Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566324Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566323Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566322Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.029{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566321Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.028{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566320Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:03.028{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871733Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:04.828{068A336D-6C46-6192-1200-000000000F02}984NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=0E623943E97B724709AF7C9F9A1301D9,SHA256=A0B7BEC738A49716F5591B2B100407B4686EE6D1ACEAAA38ACF723EDB6E6529C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871732Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:04.359{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EDA7996235BF57E23CC226E085E9DF7,SHA256=DB7921CF486BB1A2E61EEC4F90DDE07BAD76018B840595217E4E2486C6CD884F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.977{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1CC6256AFF8AE22C0D689B69AE098DF,SHA256=3E58177CB00D24397367173688171CC8E96A695DAF8CA17DB4C9668CB5D631F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.593{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACC81E00DD3F89B4F6E5055943669217,SHA256=7B91E4396A34CF051B43566750F50806F49953CB19291FF51CC70ABD05A63DFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.262{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F319F78428739B8386175981ED40DA1,SHA256=B6E71943D3F42AC1576EEA3A914DAC24A1EFBE2D9E5CB02E4E4F190530494283,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.146{CBEA6AB7-5D53-6196-567D-000000000E02}60768160C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.131{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.130{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.130{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.130{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.125{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.125{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D53-6196-567D-000000000E02}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.125{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.124{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.124{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.109{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871735Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:19.032{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-49412-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x8000000000000000871734Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:05.359{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8D1961EFD2CF1B5D2795D3674D6677B,SHA256=844497524DDB4C7BC6C2324C2550204A9E2A7A9CFEF966E75B57F99F4D0A5CC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566786Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.845{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6065D32BC3FAE663189CA5F82BBB7D58,SHA256=8B5717F2DC02B32786F1A4149EEBF75B14ED32843EBDA0B88B2B84AAEAA891EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009566785Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:01.719{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.102.35.144unn-212-102-35-144.cdn77.com50288-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009566784Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.228{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADA241E00C0A9D89213678C0090E7D96,SHA256=B3ACC7FEA2E742E7F2FF0D1B3367AA6CC07273334AF67CEA981D453940B94F3E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566783Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.192{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566782Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.192{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566781Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.192{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566780Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.192{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566779Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566778Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566777Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566776Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566775Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566774Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566773Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566772Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566771Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566770Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566769Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566768Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566767Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566766Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566765Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566764Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566763Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566762Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566761Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566760Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566759Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566758Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566757Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566756Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566755Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566754Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566753Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566752Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566751Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566750Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566749Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566748Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566747Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566746Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566745Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566744Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566743Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566742Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566741Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566740Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566739Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566738Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566737Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566736Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566735Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566734Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566733Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566732Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566731Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566730Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566729Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566728Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566727Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566726Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566725Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.177{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871736Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:06.547{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C3ADA93D97D677F748DDA1DD391E8F8,SHA256=8EFA04C6C141E78D48C89F26D7DC63EC95288AF34ABD2BFE08F110E2FDC58658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566878Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.875{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15D46892FFCD2FB3159C47A735FD853C,SHA256=4DACA52FD4930A0D4E85CF9AB7D748BA24D9045B6F36401C63BE4BF50DA004F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566877Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.476{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=484E6DEAE549F76BED6F067DFC7099D8,SHA256=2AE08859762B520EA4B711A3F86BEECC4FBF2178F19F6ED329BECF227A10B382,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566876Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566875Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566874Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566873Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566872Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566871Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566870Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566869Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566868Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566867Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566866Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566865Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566864Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566863Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566862Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566861Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566860Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566859Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566858Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566857Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566856Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566855Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566854Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566853Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.260{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566852Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566851Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566850Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566849Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566848Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566847Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566846Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566845Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566844Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566843Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566842Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566841Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566840Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566839Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566838Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566837Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566836Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566835Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566834Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566833Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566832Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566831Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566830Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566829Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566828Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566827Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566826Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566825Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566824Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566823Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566822Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566821Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566820Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566819Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566818Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566817Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566816Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566815Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566814Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566813Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566812Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566811Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566810Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566809Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566808Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566807Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566806Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566805Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566804Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566803Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566802Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566801Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566800Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566799Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566798Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566797Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566796Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566795Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566794Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566793Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566792Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566791Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566790Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566789Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566788Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566787Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:06.245{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871738Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:07.656{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BC6F907D5B32E5569DFDA305A78B7B8,SHA256=C1F47A3A7CF5C2C979A98A86F547CFD1041A114FB1553B415BEC87BD0DA17D12,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871737Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:21.097{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-48698-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x80000000000000009566971Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.427{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70F22864712B4ACFD5EDEABE0C796C0D,SHA256=F1496DDE99DEC4F7875352C6171F2DFFBEFF3EB6258590B94E78A6E465C48710,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566970Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566969Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566968Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566967Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566966Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566965Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566964Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.329{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566963Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.328{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566962Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.327{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566961Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.327{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566960Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.327{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566959Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566958Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566957Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566956Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566955Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566954Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566953Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566952Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.325{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566951Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566950Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566949Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566948Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566947Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.323{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566946Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566945Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566944Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566943Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566942Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566941Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566940Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566939Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566938Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566937Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566936Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566935Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566934Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566933Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566932Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566931Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566930Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566929Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566928Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566927Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566926Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566925Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566924Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566923Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566922Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566921Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566920Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566919Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566918Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566917Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566916Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566915Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566914Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566913Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566912Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566911Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566910Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566909Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566908Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566907Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566906Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566905Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566904Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566903Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566902Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566901Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566900Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566899Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566898Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566897Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566896Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566895Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566894Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566893Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566892Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566891Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566890Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566889Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566888Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009566887Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-70F1-6192-4305-000000000E02}6104ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mm8x5u6x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009566886Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566885Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566884Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566883Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566882Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566881Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566880Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009566879Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:07.306{CBEA6AB7-70F1-6192-4305-000000000E02}6104ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mm8x5u6x.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=CF2586D039549675F2A8B968299B022D,SHA256=620AF2C0E60CF8CCDAD4AF2EC7509B5FA871349DBFC8A73AA2BF611EB08F9E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871740Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:08.656{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16351E75E3EFF0395815529A878A45EC,SHA256=456D4F62FEB12CF2E8DAD53D6502E02D3962F9E3F68F16CEF7A4740B66A90E5E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871739Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:21.656{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55380-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000009567065Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.426{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA701943EA88AEC3E17A01EB86F998B9,SHA256=FF8B7CA818FFE8075D07A3B118A4CB839D18A28168ABE50DBD57FA9C72BDE72A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567064Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567063Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567062Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567061Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567060Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567059Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567058Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567057Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567056Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567055Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567054Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567053Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567052Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567051Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567050Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567049Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567048Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567047Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567046Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567045Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567044Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567043Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567042Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567041Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567040Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567039Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567038Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567037Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567036Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567035Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567034Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567033Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567032Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567031Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567030Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.391{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567029Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567028Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567027Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567026Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567025Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567024Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567023Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567022Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567021Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567020Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567019Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567018Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567017Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567016Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567015Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567014Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567013Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567012Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567011Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567010Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567009Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567008Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567007Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567006Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567005Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567004Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567003Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567002Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567001Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567000Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566999Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566998Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566997Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566996Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566995Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566994Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566993Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566992Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566991Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566990Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566989Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566988Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566987Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566986Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566985Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566984Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566983Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566982Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566981Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566980Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566979Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566978Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566977Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566976Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009566975Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.375{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009566974Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:04.172{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50334-false10.0.1.12-8000- 23542300x80000000000000009566973Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.259{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D08F45518C4286F528E97468164C56FA,SHA256=719B18551628378067628CD7A06E9576E98BF6D6ADD33214BC3CCC870E8CBE61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009566972Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:08.044{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86D5217B0B4C9FDD543B0E60B07E9E14,SHA256=4A550B2B1D01433BEDF3D06106079C7A8E643984AA83FA7987F6BDBE98AA9FA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871741Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:09.656{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=578727B9F2FB12C8E3D1BF87739B28C4,SHA256=C8F66C4188F5F2ABB052DE27CFD14CCE61BCB7B73721803BDACC28B446530DDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567158Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.592{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10D70E65C09BB294CCB1EE48EB0DB0AA,SHA256=C46B842AF371477155CBA32A45B494179BD64E2030B4D732C3C355525AFC808B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567157Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.561{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C1EA2A6E8F6B9C6357F5EFA4B38D4A8,SHA256=302F941EF6E2E9D4B5E8A49FA7F0E40B9FCC09A17DDB7B1B6169B92D675CA77A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567156Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567155Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567154Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567153Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567152Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567151Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567150Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567149Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567148Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.476{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567147Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567146Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567145Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567144Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567143Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567142Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567141Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567140Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567139Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567138Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567137Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567136Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567135Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567134Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567133Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567132Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567131Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567130Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567129Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567128Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567127Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567126Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567125Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567124Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567123Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567122Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567121Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567120Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567119Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567118Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567117Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567116Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567115Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567114Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567113Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567112Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567111Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567110Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567109Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567108Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567107Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567106Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567105Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567104Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567103Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567102Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567101Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567100Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567099Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567098Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567097Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567096Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567095Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567094Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567093Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567092Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567091Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567090Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567089Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567088Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567087Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567086Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567085Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567084Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567083Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567082Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567081Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567080Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567079Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567078Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567077Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567076Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567075Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567074Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567073Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567072Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567071Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567070Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567069Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567068Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567067Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:09.461{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009567066Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:05.088{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-59456-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x8000000000000000871742Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:10.672{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECCCC6BFE34708D5555D555F4C68DB28,SHA256=399E142BA1258558862564DD6FC176E66B217CDA528217354184ADA2CFAEB97B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567250Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.560{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E74AABCAE0704B0D467AD875870BA880,SHA256=D509897C240937B19A7774669A4E08EDCDC5DC036F001003C26BA2876F66F1AC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567249Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567248Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567247Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567246Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567245Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567244Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567243Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567242Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567241Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567240Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567239Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567238Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567237Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567236Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567235Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567234Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567233Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567232Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567231Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567230Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567229Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567228Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567227Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567226Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567225Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567224Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567223Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567222Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567221Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567220Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567219Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567218Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567217Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567216Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567215Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567214Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567213Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567212Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567211Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567210Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567209Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567208Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567207Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567206Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567205Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567204Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567203Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567202Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567201Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567200Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567199Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567198Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567197Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567196Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567195Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567194Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567193Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567192Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567191Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567190Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567189Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567188Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567187Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567186Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567185Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567184Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567183Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567182Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.528{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567181Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567180Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567179Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567178Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567177Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567176Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567175Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567174Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.527{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567173Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567172Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567171Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567170Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567169Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567168Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567167Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567166Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567165Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.526{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567164Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.525{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567163Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.525{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567162Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.525{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567161Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.525{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567160Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.524{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009567159Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.129{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D79BF4377EF7DA4601C24B77242C0B4,SHA256=22B2FCAA1469645515A2D955D201B656FD1E92380DBAC6BD015641FD32A49F54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871744Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:11.687{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBBCFA870D9110116BD85E6C56BAD9D5,SHA256=7FF85ED2517EE3F270F56F813B03C95F3D93B0A81DEC1EBFA5EE10FD28C4987F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871743Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:25.556{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-35162-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x80000000000000009567342Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.759{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E810FAEB21ADBC45C9E38555698423C0,SHA256=421F4C6199360985CD1E3B7E3015E4F39760B40B83913BDCAE986C080A63654B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567341Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567340Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567339Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567338Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567337Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567336Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567335Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567334Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567333Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567332Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567331Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567330Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567329Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567328Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567327Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567326Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567325Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567324Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.590{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567323Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567322Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567321Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567320Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567319Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567318Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567317Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567316Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567315Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567314Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567313Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567312Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567311Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567310Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567309Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567308Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567307Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567306Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567305Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567304Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567303Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567302Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567301Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567300Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567299Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567298Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567297Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567296Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567295Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567294Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567293Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567292Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567291Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567290Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567289Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567288Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567287Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567286Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567285Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567284Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567283Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567282Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567281Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567280Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567279Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567278Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567277Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567276Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567275Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567274Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567273Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567272Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567271Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567270Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567269Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567268Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567267Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567266Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567265Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567264Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567263Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567262Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567261Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567260Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567259Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567258Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567257Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567256Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567255Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567254Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567253Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567252Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.574{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009567251Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:11.143{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D9473675D7C732AFEFCC25B8755206B,SHA256=7EE40FADD76EDD311A0CAE2C061A8790C1069FC46ABAB50C1E370C4128DE4255,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871745Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:12.719{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8EFB289C96984F8C759A8E305AB6887,SHA256=09B6B9BEBA572919B87342A58FEE99FAB7A3A8884DDE75A28A0576C3D6F0A475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.690{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E3CDC744784783CD6B8BD94071448E3,SHA256=BC7DC886EAAC4B89F601449C17683AFA95804527F7E35AB2CA50EEA985587EDF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567426Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567425Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567424Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.658{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567423Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567422Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567421Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567420Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567419Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567418Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567417Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567416Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567415Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567414Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567413Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567412Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567411Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567410Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567409Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567408Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567407Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567406Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567405Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567404Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567403Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567402Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567401Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567400Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567399Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567398Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567397Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567396Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567395Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567394Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567393Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567392Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567391Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567390Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567389Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567388Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567387Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567386Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567385Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567384Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567383Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567382Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567381Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567380Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567379Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567378Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567377Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567376Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567375Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567374Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567373Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567372Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567371Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567370Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567369Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567368Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567367Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567366Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567365Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567364Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567363Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567362Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567361Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567360Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567359Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567358Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567357Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567356Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567355Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567354Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567353Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567352Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567351Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567350Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567349Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567348Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567347Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567346Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567345Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567344Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.643{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009567343Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:12.159{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=362D0B2CAFDA39F323A8EDDD083716DC,SHA256=F7F4E2DA3ECEF6F77EA64DAE3C0D277BF2C16E2513BFF4B9BE2179FDD6079DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871748Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:13.734{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1F876997F4376336BC1DA6905376890,SHA256=7934699747DE4D9CEEBF92CD11D9FB5655AE5352A37092D26D990D7DA428FE68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.892{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A9599B1BD32093F3E39494724FFD2F1,SHA256=EF52458259333675DAF3DC0FBB8FD652C81B655824682AF0933307AA2392C22D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.849{CBEA6AB7-6A11-6192-2900-000000000E02}2928NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-03effd326efd96c31\channels\health\respondent-20211115140924-4206MD5=B1D65678BAAFB9FBC346ADDC22B9EF13,SHA256=A60E4A1EB0B1846EE4D092EA74D659E3EDD5022A58AD08DA4DCF9E97FBF70157,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.728{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.727{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.726{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.726{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.726{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.726{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.726{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.725{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871747Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:26.753{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse136.25.184.139136-25-184-139.cab.webpass.net61712-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 354300x8000000000000000871746Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:26.749{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55381-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x80000000000000009567651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.724{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.724{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.724{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.724{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.724{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.723{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.723{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.723{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.723{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.722{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.722{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.722{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.722{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.722{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.706{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.691{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009567435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:13.190{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C216B5D6BB83510F35775B06F80F3C32,SHA256=6E587F8CB57CD290CB260BC492AEADFA07B9A7C23C9CBDCEA73F77FB56B353B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871749Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:14.770{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88ABD4572E3C8CB416D90010D9DC11C3,SHA256=443340D1EDB7023A04F6B97B3EA0AF8408CD961937B666147B397F46B83E7FC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567785Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.862{CBEA6AB7-6A11-6192-2900-000000000E02}2928NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-03effd326efd96c31\channels\health\surveyor-20211115140922-4207MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567784Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.843{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA5F5D86B8AA9DD70B90973ABD7841C9,SHA256=F2A624FAD866319942092D8A41F3ED021C2D8ECC0AF9A026798023CBCD851D95,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567783Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567782Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567781Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567780Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567779Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567778Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567777Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567776Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567775Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567774Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567773Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567772Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567771Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567770Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567769Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567768Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567767Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567766Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.790{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567765Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567764Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567763Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567762Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567761Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567760Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567759Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567758Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567757Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567756Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567755Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567754Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567753Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567752Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567751Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567750Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567749Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567748Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567747Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567746Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567745Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567744Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567743Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567742Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567741Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567740Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567739Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567738Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567737Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567736Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567735Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567734Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567733Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567732Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567731Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567730Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567729Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567728Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567727Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567726Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567725Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.774{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009567693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:10.124{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50335-false10.0.1.12-8000- 23542300x80000000000000009567692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:14.223{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A66D4F0F65DE0B32F21D65A1C31A4553,SHA256=3A5F86F87E3D13905969EF12D6389635525487B39D3D375827B342FB45A84A6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871750Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:15.832{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4419EFEF6C93F6EB31949CD56A20B936,SHA256=28CD3C57016B792226CF1964AFF00F32352C0E8DD8584D8B6DAC4F274DFC4D7E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567876Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567875Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567874Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567873Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567872Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567871Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567870Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567869Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567868Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567867Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567866Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567865Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567864Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567863Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567862Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567861Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567860Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567859Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.859{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567858Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567857Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567856Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567855Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567854Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567853Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567852Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567851Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567850Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567849Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567848Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567847Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567846Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567845Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567844Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567843Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567842Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567841Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567840Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567839Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567838Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567837Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567836Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567835Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567834Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567833Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567832Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567831Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567830Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567829Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567828Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567827Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567826Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567825Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567824Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567823Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567822Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567821Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567820Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567819Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567818Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567817Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567816Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567815Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567814Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567813Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567812Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567811Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567810Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567809Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567808Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567807Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567806Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567805Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567804Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567803Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567802Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567801Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567800Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567799Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567798Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567797Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567796Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567795Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567794Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567793Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567792Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567791Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567790Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567789Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567788Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567787Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.844{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009567786Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:15.243{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70E91A2E73D5C265C4CD155D31A27F88,SHA256=BD2697E3870511FE4D2E5493915620BB4B0D4F0F71B8A10DCA0AE65F48C587A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871752Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:30.024{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-44442-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x8000000000000000871751Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:16.832{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0AD7CFE9A55C0059817A28D2A42774E,SHA256=97B2D1108395DE51757EDD6634B8AAB902BB1953AD03345A7E02FCDF60A5640C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009567978Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567977Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567976Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567975Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567974Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567973Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567972Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567971Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567970Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567969Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567968Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567967Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567966Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567965Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.927{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567964Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.926{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567963Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.925{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567962Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.924{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567961Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.924{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567960Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.922{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567959Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.922{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567958Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.922{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567957Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.922{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567956Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.921{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567955Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.921{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567954Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567953Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567952Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567951Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567950Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567949Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567948Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567947Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567946Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567945Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567944Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567943Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567942Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567941Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567940Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567939Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567938Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567937Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567936Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567935Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567934Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567933Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567932Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567931Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567930Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567929Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567928Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567927Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567926Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567925Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567924Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567923Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567922Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567921Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567920Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567919Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567918Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567917Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567916Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567915Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567914Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567913Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567912Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567911Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567910Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567909Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567908Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567907Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567906Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567905Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567904Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567903Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567902Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567901Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567900Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567899Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567898Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567897Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567896Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567895Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567894Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567893Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567892Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567891Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567890Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567889Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.905{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x80000000000000009567888Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x80000000000000009567887Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0f6eb7d9) 13241300x80000000000000009567886Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7dc7c-0xca47add3) 13241300x80000000000000009567885Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7dc85-0x2c0c15d3) 13241300x80000000000000009567884Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7dc8d-0x8dd07dd3) 13241300x80000000000000009567883Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x80000000000000009567882Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0f6eb7d9) 13241300x80000000000000009567881Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7dc7c-0xca4bee5b) 13241300x80000000000000009567880Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7dc85-0x2c10565b) 13241300x80000000000000009567879Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-SetValue2021-11-18 14:04:16.590{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7dc8d-0x8dd4be5b) 23542300x80000000000000009567878Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.243{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DF06D02220F6E49ECBC1872B5853327,SHA256=84C63B841FC4AD6047BA693F2BB7A6A387C2ABE0EE50C3E0A5757F850D419482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567877Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.059{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD21E73E41C2AD0143F3118F845D94F3,SHA256=5CED5526EB81758D0D0362E74692FE3BAB638F94D2870FF70BDD9A4198EA02BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871753Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:17.864{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47FEFB9AA58FF6BA7FBC5160270E3F6F,SHA256=0666B64246B53D49E738B4AAD9541B6B49EE990B15DCB5C054074ECF1FC34BF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567980Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:17.423{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B57E2FC76B7C7B3289DD013DA2507244,SHA256=85C78A165D9F839E536F27432DE181D6F11C5BB54D62442D80BBEBAE8CCF4989,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009567979Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:17.390{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=673E68C78D6B1A529F217F35CC3C851A,SHA256=C0E08D7EE208940239635855A5708DD8B1DE42DEC5CEEE1F190205BE127C0115,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871755Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:32.691{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55382-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000871754Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:18.879{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C24771EAB55505852D8AB990DCF5D2EA,SHA256=EE862D0CE61F1DBF922CC6490AAABF481721844CDBA3B430EEDDE5649E7711A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568073Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.573{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEE9C7C1B87213EB74A66E66C5C58450,SHA256=BA2E805F0D621AF22009B08D732324D40C0AC6593DA1ED067F1A865C32F7FF29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568072Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.558{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EEED3D36E297CED3801FEEA11E81C65,SHA256=2E16E76B822BA842AC083CB829C7CD8FB92B920A7EB6CF920D308F236927140A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568071Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.242{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=47924363BFCF3B4A097B86E40E4E7419,SHA256=8356DEBEE939B571BD7D6AB4B2A446F14009311B96140D9F0ED5895D79B46548,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568070Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568069Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568068Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568067Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568066Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568065Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568064Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568063Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568062Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568061Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568060Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568059Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.043{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568058Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568057Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568056Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568055Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568054Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568053Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568052Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568051Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568050Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568049Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568048Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568047Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568046Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568045Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568044Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568043Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568042Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568041Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568040Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568039Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568038Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568037Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568036Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568035Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568034Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568033Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568032Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568031Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568030Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568029Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568028Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568027Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568026Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568025Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568024Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568023Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568022Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568021Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568020Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568019Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568018Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568017Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568016Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568015Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568014Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568013Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568012Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568011Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568010Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568009Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568008Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568007Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568006Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568005Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568004Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568003Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568002Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568001Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568000Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567999Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567998Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567997Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.027{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567996Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.025{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567995Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.025{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567994Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.025{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567993Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.025{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567992Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.025{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567991Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567990Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567989Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567988Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567987Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567986Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567985Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567984Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567983Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567982Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.024{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009567981Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:18.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871757Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:33.969{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-48632-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x8000000000000000871756Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:19.895{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66AD8FF1D86EF059BA3F84FDB28EEEF7,SHA256=6F8A9A09F32A8ABCE110E74F42E93911C1B3416501026FF55D419301C8E09B66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568167Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.857{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7BC52D1BE3FD1AA8E95878415E87E28,SHA256=7DBDF5DACE65653FD68844FB288821D6745B8018C7930A1A2BF959569A2713D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568166Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.242{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=76B804243BDB9B871CE4703C24C7894B,SHA256=5D6DAA3D196D3BE2246332070F727249CE63D74F2A4D59DF562F2B5F0E7D8981,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568165Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.242{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4AF3AE3F371BEE6A35E1893D6C71160A,SHA256=BD104F6E766F9AA6117ECB0C14D8AE4E65806E5F1074E6DA4DE5855548A617D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568164Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.223{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91F0D7CAE6B9E88AAE5D9DCDBFA0DD9E,SHA256=A0CF804C88AF1EE90DABDFCB4C47365D1BAE09A1BCEB8E041FE9D82BA6A1AEAA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568163Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568162Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568161Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568160Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568159Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568158Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568157Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568156Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568155Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.105{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568154Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568153Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568152Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568151Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568150Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568149Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568148Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568147Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568146Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568145Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568144Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568143Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568142Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568141Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568140Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568139Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568138Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568137Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568136Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568135Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568134Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568133Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568132Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568131Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568130Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568129Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568128Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568127Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568126Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568125Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568124Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568123Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568122Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568121Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568120Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568119Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568118Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568117Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568116Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568115Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568114Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568113Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568112Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568111Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568110Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568109Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568108Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568107Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568106Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568105Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568104Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568103Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568102Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568101Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568100Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568099Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568098Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568097Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568096Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568095Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568094Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568093Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568092Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568091Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568090Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568089Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568088Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568087Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568086Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568085Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568084Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568083Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568082Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568081Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568080Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568079Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568078Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568077Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568076Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568075Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568074Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.089{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871758Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:20.910{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=544A57C011A119968E19DB05D0AB6F15,SHA256=25C3710A51A7516B9572200C2B4EF677F0D58A9B1AAF4A3BF8CAC68539073626,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009568261Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.186{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50337-false10.0.1.12-8089- 354300x80000000000000009568260Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.086{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50336-false10.0.1.12-8000- 354300x80000000000000009568259Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:16.075{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-33230-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009568258Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.203{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8A3F122BE6EA0572B0000301DD63404,SHA256=660F5F75F7E03010C3DB40B7C9E67651371358063A9926A2BBB09019EDFCBD2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568257Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568256Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568255Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568254Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568253Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568252Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568251Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568250Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568249Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568248Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568247Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568246Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568245Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568244Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568243Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.157{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568242Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568241Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568240Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568239Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568238Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568237Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568236Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568235Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568234Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568233Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568232Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568231Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568230Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568229Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568228Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568227Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568226Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568225Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568224Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568223Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568222Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568221Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568220Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568219Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568218Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568217Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568216Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568215Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568214Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568213Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568212Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568211Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568210Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568209Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568208Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568207Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568206Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568205Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568204Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568203Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568202Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568201Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568200Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568199Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568198Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568197Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568196Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568195Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568194Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568193Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568192Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568191Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568190Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568189Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568188Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568187Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568186Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568185Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568184Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568183Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568182Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568181Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568180Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568179Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568178Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568177Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568176Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568175Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568174Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568173Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568172Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568171Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568170Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568169Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568168Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:20.141{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871759Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:21.973{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F35D584C480439B6332435DA145040AB,SHA256=C5C2FD088283E01568A81D5C0F67F2EE6A6EB87E426F054D976FEFB0286DF582,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568353Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.372{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B9FCFA50DFA62AFD878724416538D07,SHA256=CADC2C61272E558CA4ED979F05A1F4A4C5C72BE96B3577B11FEBE822EB16E665,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568352Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.341{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A8C98C1EBB9094E7E3795ABF4361690,SHA256=7BC22C3723493D61411AD170142A8E1C07EDDA8C4A9BCDFB87169FFB8A6E216D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568351Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568350Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568349Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568348Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568347Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568346Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568345Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568344Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568343Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568342Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568341Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.240{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568340Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568339Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568338Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568337Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568336Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568335Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568334Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568333Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568332Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568331Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568330Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568329Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568328Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568327Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568326Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568325Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568324Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568323Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568322Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568321Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568320Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568319Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568318Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568317Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568316Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568315Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568314Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568313Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568312Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568311Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.225{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568310Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.224{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568309Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.223{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568308Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.223{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568307Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.222{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568306Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.221{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568305Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.220{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568304Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.219{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568303Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568302Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568301Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568300Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568299Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568298Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568297Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568296Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568295Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568294Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568293Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568292Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568291Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568290Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568289Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568288Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568287Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568286Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568285Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568284Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568283Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568282Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568281Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568280Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568279Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568278Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568277Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568276Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568275Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568274Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568273Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568272Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568271Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568270Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568269Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568268Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568267Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568266Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568265Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568264Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568263Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568262Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.203{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871760Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:22.973{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D47AA357F2F43CFFCFACF4507F2520F,SHA256=A640F78BFECEEE88E63B1F441532EB06D7C06613C41D068A9FA967D8EED2973F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.904{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=76B804243BDB9B871CE4703C24C7894B,SHA256=5D6DAA3D196D3BE2246332070F727249CE63D74F2A4D59DF562F2B5F0E7D8981,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.489{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5AC6AE9904D15D17FD233CC1D43FD02,SHA256=E074E83833CF1E8FD1057D814E87E7FEB2D971F0B7140489B3D28262BBC67B58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.326{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.325{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.325{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.324{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.323{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.323{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.323{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.322{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.322{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.322{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.322{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.322{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568426Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.321{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568425Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.321{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568424Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.320{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568423Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.320{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568422Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.320{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568421Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568420Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568419Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568418Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568417Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568416Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568415Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568414Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568413Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568412Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568411Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568410Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568409Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568408Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568407Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568406Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568405Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568404Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568403Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568402Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568401Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568400Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568399Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568398Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568397Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568396Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568395Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568394Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568393Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568392Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568391Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568390Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568389Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.304{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568388Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568387Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568386Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568385Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568384Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568383Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568382Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568381Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568380Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568379Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568378Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568377Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568376Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568375Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568374Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568373Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568372Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568371Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568370Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568369Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568368Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568367Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568366Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568365Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568364Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568363Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568362Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568361Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568360Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568359Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568358Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568357Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568356Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568355Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.289{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009568354Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.204{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46FDA3B1723DFABC28AAA34456741468,SHA256=AF979BFCAF9E37BD999303C55281CC8CDC59753B8AFBA2C7A862D32D4808EFE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871761Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:23.973{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A992656953CD25F7158C5CF3BB4A540,SHA256=FBBA55735730C71CFF022BCE2E11CC45C239A764F731CFDF1C5634EEC5382DD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.441{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=352BAF0FCD63533F5EDC2ED075A5C6F2,SHA256=1BA534D8E5A64DACFDA5A4E3CB7632E8972D4E30873FCE2C7549AFA93F130CD7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.404{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.388{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009568447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:23.226{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5BD2A55735E0B8CA9628B29ED26AE20,SHA256=78C593EAB7BDE94BA72C4E610E537C500F6B8CAD2BDCD380058502DDC4DEADC0,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009568799Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.758{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-34328-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 354300x80000000000000009568798Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:19.757{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-41770-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009568797Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.622{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E93E1A2BA6F3B274A42B0C1712DFFE8,SHA256=CEEE446B374826F723791FB183D697F72BB8C762F0B5438AF8E4E4208FAFB387,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568796Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.603{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB8F0224CA5AC9160CCF254BA4728EE,SHA256=433BD66979713E3375A0F1977377DB6AEEB9BE925D5504D5B98C638FB47BA8B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568795Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.572{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B823AB64E4916F1F15B47F2AEA6629B,SHA256=6B3F11A7AC7FE9FB0DBE59A2C0B7E8999F9F8FC92DDE00023ED5A45B54D6430D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568794Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.572{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16EDC60D5FB495128EEA4A98558057FA,SHA256=137F8475B1EEBF043056B08F6E4B2EFB293E8515ABA5AD986F9A8D8BDDF0ECC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568793Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568792Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568791Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568790Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568789Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568788Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568787Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568786Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568785Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568784Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568783Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568782Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568781Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568780Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568779Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568778Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568777Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568776Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568775Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568774Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568773Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568772Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568771Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568770Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568769Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568768Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568767Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568766Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568765Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568764Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568763Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568762Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568761Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568760Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568759Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568758Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568757Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568756Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568755Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568754Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568753Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568752Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568751Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568750Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568749Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568748Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568747Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568746Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568745Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568744Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568743Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568742Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568741Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568740Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568739Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568738Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568737Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568736Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568735Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568734Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568733Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568732Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568731Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568730Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.487{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568729Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568728Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568727Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568726Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568725Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871763Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:24.989{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66EAE32210003A3F497C21D3DA257D43,SHA256=D9039DF4919E590D15163623D81CAE073381EAE3037230CB6F0569724AFD8971,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.471{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871762Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:38.692{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55383-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x80000000000000009568548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.456{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009568539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:24.240{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C0C17D038E0F58760820244B268E7C8,SHA256=AB02694D73B355ED9EE62AD387698340057E592FF1EE3B944E229EF581EEBE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568893Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.787{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C21EB54844DACC1F51C57CBCDEC06087,SHA256=BCACE43DD6BD48F603640C3A76A5550A6D0CDDAD821897A7118A0AE80294EC30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568892Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.756{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=753FE04576528CF2E2C12A85F13507E6,SHA256=F85E90D448297E496CDD0FA8822C9E82E909CE135901CA070E0D535C92DB5468,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009568891Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.756{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7EB487A925CFFC5B07FA10F0FAC85DF9,SHA256=1B31A150014A1F10DEEB96E45E095838C3353E4CC4FBD64F77913A48BF7C7993,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568890Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568889Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568888Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568887Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568886Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568885Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568884Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568883Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568882Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568881Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568880Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568879Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568878Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568877Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568876Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568875Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568874Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568873Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568872Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568871Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568870Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568869Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568868Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568867Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568866Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568865Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568864Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568863Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.572{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568862Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568861Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568860Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568859Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568858Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568857Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568856Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568855Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568854Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568853Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568852Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568851Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568850Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568849Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568848Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568847Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568846Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568845Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568844Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568843Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568842Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568841Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568840Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568839Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568838Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568837Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568836Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568835Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568834Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568833Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568832Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568831Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568830Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568829Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568828Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568827Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568826Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568825Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568824Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568823Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568822Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568821Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568820Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568819Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568818Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568817Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568816Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568815Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568814Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568813Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568812Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568811Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568810Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568809Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568808Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568807Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568806Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568805Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568804Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568803Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568802Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568801Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.556{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009568800Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:21.264{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-51412-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009568988Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.921{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C02BB7B2A9DDAD360C8AEB209703EFD0,SHA256=53441DF2AD9B5C46764EF193E762CFE6328C5C579D949A247AE9A3446D6DEE08,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009568987Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568986Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568985Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568984Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568983Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568982Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568981Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568980Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568979Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568978Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568977Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568976Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568975Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568974Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568973Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568972Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568971Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568970Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.655{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568969Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568968Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568967Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568966Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568965Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568964Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568963Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568962Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568961Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568960Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568959Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568958Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568957Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568956Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568955Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568954Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568953Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568952Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568951Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568950Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568949Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568948Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568947Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568946Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568945Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568944Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568943Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568942Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568941Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568940Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568939Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568938Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568937Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568936Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568935Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568934Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568933Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568932Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568931Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568930Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568929Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568928Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568927Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568926Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568925Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568924Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568923Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568922Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568921Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568920Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568919Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568918Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568917Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568916Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568915Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568914Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568913Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568912Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568911Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568910Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568909Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568908Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568907Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568906Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568905Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568904Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568903Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568902Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568901Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568900Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568899Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568898Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.640{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009568897Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.637{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-970.attackrange.local50339-true0:0:0:0:0:0:0:1win-dc-970.attackrange.local389ldap 354300x80000000000000009568896Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.637{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-970.attackrange.local50339-true0:0:0:0:0:0:0:1win-dc-970.attackrange.local389ldap 354300x80000000000000009568895Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:22.105{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50338-false10.0.1.12-8000- 23542300x80000000000000009568894Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.457{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A93C6B6B76F66472B38C2BA98BC4AAC6,SHA256=2D18CF859D70F722E111593A4771636F269DE62B8D88D7FF83D8D9ABCD616E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871764Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:26.051{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=658B8B5CF2B3C1E513377540DCF2DDDA,SHA256=237269BC30A6A31805368753657B2890677FDF3770AF4D34F313D372ED812E80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569080Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.857{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B054907628DB9BAB1911999F4E00C92,SHA256=00E2C548AD35ACF56F0A8ACE75584D4B7F9EA3142399EF656A0913BD73E94E4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569079Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.722{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569078Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569077Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569076Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569075Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569074Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569073Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569072Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569071Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569070Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569069Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569068Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569067Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569066Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569065Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569064Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569063Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569062Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569061Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569060Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569059Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569058Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569057Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569056Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569055Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569054Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.704{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569053Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569052Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871766Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:27.082{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D86CFD1574A2E2493910767F562B629,SHA256=BF8987481C29C946CC7CACEA574E62955A60D6C1099A0F6F8E2235A95A9789BA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569051Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569050Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569049Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569048Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569047Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569046Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569045Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569044Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569043Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569042Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569041Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569040Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569039Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569038Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569037Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569036Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569035Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569034Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569033Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569032Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569031Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569030Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569029Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569028Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569027Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569026Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569025Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569024Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569023Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569022Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569021Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569020Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569019Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569018Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569017Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569016Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569015Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569014Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569013Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569012Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569011Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569010Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569009Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569008Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569007Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569006Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569005Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569004Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569003Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569002Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569001Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569000Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568999Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568998Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568997Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568996Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568995Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568994Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568993Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568992Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568991Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009568990Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.689{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009568989Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:27.522{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=649634FAD8D320B44E754C0A7B4E352C,SHA256=B50A8328411B4DD6D40F8C47100B38CE109BE4FCD230B14D7699C68B458F6D62,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871765Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.280{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-41038-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x80000000000000009569172Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.972{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAD0C3A8921A3EC2F4C0E34984564C6F,SHA256=A0703327C4906AC931BE0ABF8B8C13CC9A7AC6B56FB5B8F2DF056BFBCB11A13A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569171Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.823{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569170Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.821{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569169Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.821{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569168Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.820{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569167Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.820{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569166Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.820{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569165Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.819{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569164Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.819{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569163Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.819{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569162Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.819{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569161Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.819{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569160Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.819{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569159Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569158Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569157Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569156Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569155Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569154Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569153Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569152Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569151Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569150Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569149Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569148Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569147Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569146Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871768Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:28.176{068A336D-6CBE-6192-9900-000000000F02}3876NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=47924363BFCF3B4A097B86E40E4E7419,SHA256=8356DEBEE939B571BD7D6AB4B2A446F14009311B96140D9F0ED5895D79B46548,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871767Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:28.098{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8532D4E5667ACF7D0081A4A1810528F6,SHA256=7C1AEEC35335F75CF0FA9E24E0336F737B0C34A9D33F8261F89B7D8239662689,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569145Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569144Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569143Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569142Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569141Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569140Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569139Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569138Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569137Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569136Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569135Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569134Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569133Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569132Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569131Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569130Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569129Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569128Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569127Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569126Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569125Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569124Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569123Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569122Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569121Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569120Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569119Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569118Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569117Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569116Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569115Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569114Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569113Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569112Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569111Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569110Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569109Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569108Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569107Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569106Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569105Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569104Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569103Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569102Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569101Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569100Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569099Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569098Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569097Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569096Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569095Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569094Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569093Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569092Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569091Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569090Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569089Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569088Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569087Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569086Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569085Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569084Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569083Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569082Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.803{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009569081Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.541{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE56A95322A193E1F3722438B8AD7224,SHA256=672713EA1EDBAF5F962D56D92E243C4A359283B94A2C07863D6D4EE2CA8D828D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569266Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.988{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A6649A047061B68E8E3CAF8BD44B9FC,SHA256=969A222F8ABA83295DDC72670BFE1D707EDB8851F7A64C50C777FA9A5FFD50CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569265Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569264Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569263Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569262Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569261Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569260Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569259Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569258Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569257Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569256Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569255Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569254Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569253Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569252Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569251Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569250Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569249Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.889{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569248Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569247Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569246Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569245Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569244Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569243Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569242Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569241Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569240Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569239Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871769Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:29.098{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=293A2ECF9DCB0C05153B2CE02C9C637B,SHA256=5ADF0466F279470301EE66EDAE970D8B134BEAB89A8543CEFB057F01AAE844EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569238Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569237Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569236Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569235Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569234Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569233Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569232Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569231Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569230Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569229Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569228Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569227Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569226Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569225Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569224Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569223Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569222Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569221Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569220Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569219Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569218Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569217Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569216Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569215Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569214Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569213Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569212Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569211Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569210Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569209Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569208Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569207Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569206Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569205Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569204Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569203Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569202Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569201Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569200Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569199Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569198Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569197Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569196Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569195Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569194Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569193Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569192Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569191Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569190Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569189Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569188Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569187Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569186Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569185Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569184Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569183Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569182Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569181Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569180Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569179Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569178Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569177Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569176Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.872{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009569175Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.572{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30F6F4BB18DC8D502DC03972ABD5D2C5,SHA256=31C2B554AC266D73650B2E415934A2A3FA89A1ABEDA778550889F60745C6A84E,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009569174Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:25.937{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-33398-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009569173Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.241{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D3769BD2801B90F6C722358734E7EAC6,SHA256=03F8179315710D954EDA1E9B9F65505F53D87DFDF05FB75D3A64E71F45D03D21,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569358Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569357Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569356Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569355Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569354Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569353Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569352Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569351Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569350Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569349Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569348Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569347Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569346Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569345Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569344Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569343Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569342Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569341Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.956{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569340Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569339Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569338Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569337Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569336Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569335Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569334Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569333Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569332Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871771Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:30.098{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72DE6001A6443A47D272A3E7F03F09F9,SHA256=B3082CDD7D7F1396728C43DD6DEF14812DF183D76068091527F44D631BDF5942,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569331Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569330Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569329Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569328Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569327Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569326Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569325Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569324Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569323Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569322Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569321Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569320Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569319Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569318Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569317Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569316Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569315Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569314Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569313Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569312Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569311Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569310Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569309Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569308Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569307Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569306Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569305Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569304Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569303Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569302Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569301Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569300Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569299Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569298Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569297Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569296Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569295Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569294Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569293Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569292Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569291Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569290Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569289Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569288Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569287Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569286Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569285Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569284Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569283Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569282Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569281Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569280Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569279Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569278Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569277Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569276Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569275Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569274Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569273Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569272Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569271Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569270Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569269Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.940{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009569268Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:26.716{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-56692-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009569267Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:30.587{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78145F501C16F5A446C0FFED73126158,SHA256=DC70FD9059EF560DCB52CEE6C1A59DF0DD1F61296E151EC7CCC1AC5F269096ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871770Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:43.677{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55384-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000871774Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:31.098{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA337A9DD48BC242E42AD16A7826FA78,SHA256=175359ED80FF38B27D95B40D5B17B7BA68220C3D680DA707202E93B234EC1B67,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569382Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.970{CBEA6AB7-6A01-6192-1600-000000000E02}12807600C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569381Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.955{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653ea|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569380Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.939{CBEA6AB7-69FF-6192-0500-000000000E02}408424C:\Windows\system32\csrss.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009569379Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.939{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366d9|c:\windows\system32\rpcss.dll+3bec2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653ea|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569378Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.902{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569377Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.902{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569376Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.902{CBEA6AB7-69FF-6192-0B00-000000000E02}6249032C:\Windows\system32\lsass.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+1b02d|C:\Windows\system32\lsasrv.dll+27f0b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x80000000000000009569375Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.870{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Temp.lnk2021-11-16 11:25:39.279 23542300x80000000000000009569374Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.870{CBEA6AB7-6F15-6192-E504-000000000E02}4620ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Temp.lnkMD5=889FA6CD1928B163F8AC23E8C5BE9A1F,SHA256=8337983321154412F8C339656E98EE27E1B11B71FA254F3A1E84B90056CA5CC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569373Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.870{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E8193280C1B8C2E34FBB3E274512B3CA,SHA256=16CE43CCEF981572A32160CFC0F1B0477C8C5F647E2AC066F6A728CEE70235CE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000009569372Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.817{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\poc.vbs.lnk2021-11-17 12:10:33.919 23542300x80000000000000009569371Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.802{CBEA6AB7-6F15-6192-E504-000000000E02}4620ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\poc.vbs.lnkMD5=7105ED1559D49C65EC1DAF7455339243,SHA256=A494B0C02BF97CB4EB7C5A9D421B0EBCC1FBBAEB4B8BAC207FDFA60732F8A0EC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569370Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.786{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653ea|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569369Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.786{CBEA6AB7-6A01-6192-1600-000000000E02}12809088C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569368Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.786{CBEA6AB7-6A01-6192-1600-000000000E02}12801336C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569367Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.755{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569366Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.755{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569365Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.755{CBEA6AB7-6F11-6192-D304-000000000E02}40921012C:\Windows\system32\csrss.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009569364Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.755{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569363Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.755{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569362Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.755{CBEA6AB7-6F15-6192-E504-000000000E02}46202664C:\Windows\Explorer.EXE{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+89d2f|C:\Windows\System32\windows.storage.dll+899a5|C:\Windows\System32\windows.storage.dll+89496|C:\Windows\System32\windows.storage.dll+8a908|C:\Windows\System32\windows.storage.dll+892be|C:\Windows\System32\windows.storage.dll+8c0d5|C:\Windows\System32\windows.storage.dll+8c454|C:\Windows\System32\windows.storage.dll+8ba90|C:\Windows\System32\windows.storage.dll+8e30a|C:\Windows\System32\windows.storage.dll+8e0c2|C:\Windows\System32\SHELL32.dll+3f8fd|C:\Windows\System32\SHELL32.dll+3e496|C:\Windows\System32\SHELL32.dll+80201|C:\Windows\System32\SHELL32.dll+6719e|C:\Windows\System32\SHELL32.dll+18cfac|C:\Windows\System32\SHELL32.dll+18cd03|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009569361Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.750{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\poc.vbs" C:\Temp\ATTACKRANGE\Administrator{CBEA6AB7-6F13-6192-9E98-2F0000000000}0x2f989e2HighMD5=95B2CC3A306C4C1059A53B660096F0A5,SHA256=8B2E206D1F6B510AD73C7541C03F39F9E4DDD7E3D1B9E31F3C8829C64B42E075,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x80000000000000009569360Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.602{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D70E29F628BE2546F524C3DBB60BD92,SHA256=4C5CF95D3F888AA26786B24F5D475D2143286353D007B3693FD35F6809EAACC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569359Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:31.102{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90F045909DA269C80E22353861677EF5,SHA256=6A2A819311AC1762078953606DD0FCEAF12D058491615598293EF1D0E9694309,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871773Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:45.357{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-50562-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 354300x8000000000000000871772Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:44.739{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55385-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000871775Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:32.223{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B01103E97ED9E54361C15388F5EED5B7,SHA256=5EB82628576ADC5573682772E5D0035CA22807BF7544C6D79119941CCA6BE36E,IMPHASH=00000000000000000000000000000000falsetrue 13241300x80000000000000009569533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.localT1122SetValue2021-11-18 14:04:32.986{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exeHKU\S-1-5-21-492600379-461247840-3315989157-500_Classes\WOW6432Node\CLSID\{89565275-A714-4a43-912E-978B935EDCCC}\InProcServer32\(Default)C:\Users\ADMINI~1\AppData\Local\Temp\2\dynwrapx.dll 734700x80000000000000009569532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.986{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\dynwrapx.dll1.00DynamicWrapperX objectDynamicWrapperX-dynwrapx.dllMD5=E0B8DFD17B8E7DE760B273D18E58B142,SHA256=4EF3A6703ABC6B2B8E2CAC3031C1E5B86FE8B377FDE92737349EE52BD2604379,IMPHASH=5C1DE943A8B81217D14DA612C0C5B40Afalse-Unavailable 10341000x80000000000000009569531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.986{CBEA6AB7-6A01-6192-1600-000000000E02}128096C:\Windows\system32\svchost.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.986{CBEA6AB7-6A01-6192-1600-000000000E02}12801336C:\Windows\system32\svchost.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009569529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.920{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C27345131630E7033C9DE2331697A0DA,SHA256=6119E86B652206806B646E7274F818F58AF29459C4D2FC3A7C226D749CA211AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-6F11-6192-D304-000000000E02}40923604C:\Windows\system32\csrss.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009569527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-5D70-6196-597D-000000000E02}70327528C:\Windows\SYSWOW64\WSCRIPT.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9168(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e4c(wow64)|C:\Windows\System32\windows.storage.dll+110b0f(wow64)|C:\Windows\System32\windows.storage.dll+11082f(wow64)|C:\Windows\System32\windows.storage.dll+110577(wow64)|C:\Windows\System32\windows.storage.dll+111565(wow64)|C:\Windows\System32\windows.storage.dll+1103a1(wow64)|C:\Windows\System32\windows.storage.dll+11276a(wow64)|C:\Windows\System32\windows.storage.dll+112b67(wow64)|C:\Windows\System32\windows.storage.dll+112195(wow64)|C:\Windows\System32\SHELL32.dll+171154(wow64)|C:\Windows\System32\SHELL32.dll+17102e(wow64)|C:\Windows\System32\SHELL32.dll+1ae34a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x80000000000000009569522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.843{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe10.0.14393.1378 (rs1_release.170620-2008)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXE"C:\Windows\System32\regsvr32.exe" /I "C:\Users\ADMINI~1\AppData\Local\Temp\2\dynwrapx.dll"C:\Temp\ATTACKRANGE\Administrator{CBEA6AB7-6F13-6192-9E98-2F0000000000}0x2f989e2HighMD5=56CF190F4143DC68800C4125D6001B07,SHA256=F72ED4D11C9971A9B7CE0A5681EE35968A6B4CCDC2F2B3A9F3E81418605FA467,IMPHASH=D053774A49BA83FF54C68888CB687C6C{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SysWOW64\wscript.exe"C:\Windows\SYSWOW64\WSCRIPT.EXE" //b //e:vbscript "C:\Temp\poc.vbs" 10341000x80000000000000009569521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.839{CBEA6AB7-69FF-6192-0B00-000000000E02}6247716C:\Windows\system32\lsass.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+25aa7|C:\Windows\system32\lsasrv.dll+26bed|C:\Windows\system32\lsasrv.dll+25925|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653ea|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.823{CBEA6AB7-69FF-6192-0B00-000000000E02}6247716C:\Windows\system32\lsass.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+67d1f|C:\Windows\system32\lsasrv.dll+2586d|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653ea|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009569519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.818{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4107F4E4B617689969CC4B745F092C8D,SHA256=1E483A655D5872EA2B8319478BC03A85013290C9F2060B33FD35E1C9067A93E5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.701{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009569509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:29.166{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-54446-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 354300x80000000000000009569508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.659{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-39758-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 354300x80000000000000009569507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:28.121{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50340-false10.0.1.12-8000- 10341000x80000000000000009569506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.286{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653ea|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.286{CBEA6AB7-6A01-6192-1600-000000000E02}12809088C:\Windows\system32\svchost.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.286{CBEA6AB7-6A01-6192-1600-000000000E02}12801336C:\Windows\system32\svchost.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009569503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.186{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA9C787806C478235F50490FC49B2789,SHA256=8FFCD51FA32FD8AF6D8184DD1BF13D7FB20983267F703172424AB9C04A0EC1BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.086{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.086{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.086{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.086{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-6F11-6192-D304-000000000E02}40921012C:\Windows\system32\csrss.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009569493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-5D6F-6196-577D-000000000E02}86645104C:\Windows\System32\WScript.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+89d2f|C:\Windows\System32\windows.storage.dll+899a5|C:\Windows\System32\windows.storage.dll+89496|C:\Windows\System32\windows.storage.dll+8a908|C:\Windows\System32\windows.storage.dll+892be|C:\Windows\System32\windows.storage.dll+8c0d5|C:\Windows\System32\windows.storage.dll+8c454|C:\Windows\System32\windows.storage.dll+8ba90|C:\Windows\System32\SHELL32.dll+3cd3f|C:\Windows\System32\SHELL32.dll+3cbcc|C:\Windows\System32\SHELL32.dll+dcb6e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009569492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.061{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SysWOW64\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\SYSWOW64\WSCRIPT.EXE" //b //e:vbscript "C:\Temp\poc.vbs"C:\Temp\ATTACKRANGE\Administrator{CBEA6AB7-6F13-6192-9E98-2F0000000000}0x2f989e2HighMD5=4F021FB3CBD3023D2E20F69176E00099,SHA256=D63ADCCC897B7F74FE56170446D100C7C0F740A6CF01AD17913409581F392E74,IMPHASH=63ECF92956704DAB3E8ACC4116ED9C44{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\poc.vbs" 10341000x80000000000000009569491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-69FF-6192-0B00-000000000E02}6247716C:\Windows\system32\lsass.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+25aa7|C:\Windows\system32\lsasrv.dll+26bed|C:\Windows\system32\lsasrv.dll+25925|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.055{CBEA6AB7-69FF-6192-0B00-000000000E02}6247716C:\Windows\system32\lsass.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+67d1f|C:\Windows\system32\lsasrv.dll+2586d|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.039{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.039{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-577D-000000000E02}8664C:\Windows\System32\WScript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569426Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569425Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569424Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569423Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569422Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569421Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.023{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569420Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.018{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569419Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.018{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569418Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.018{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569417Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.018{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569416Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569415Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569414Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569413Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569412Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569411Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569410Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569409Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569408Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569407Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569406Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569405Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569404Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569403Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569402Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569401Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569400Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569399Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569398Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569397Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569396Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569395Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569394Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569393Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569392Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569391Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569390Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569389Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-69FF-6192-0B00-000000000E02}6249032C:\Windows\system32\lsass.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+25aa7|C:\Windows\system32\lsasrv.dll+26bed|C:\Windows\system32\lsasrv.dll+25925|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569388Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-69FF-6192-0B00-000000000E02}6249032C:\Windows\system32\lsass.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+67d1f|C:\Windows\system32\lsasrv.dll+2586d|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569387Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569386Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569385Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569384Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569383Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:32.002{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871777Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:33.223{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47C3B1C06DB4489111075C8960767C64,SHA256=B28DF8F6E40CD11DEA3A11153ED02105373AB79AA043B92F26C396B14958421A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.722{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=950BF5CE7236D852862BA59D8086C05B,SHA256=7B0E41B983734602F5149FB0956B4BCE88CC31EAE60884CCE5C34B52CA51258A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.286{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57EE01D7013F0BDBAD2047E0FA50D2F9,SHA256=49047B97739B18E5E4D62AD6597097F8FE4C1842894EFD6CAD188ABB36169E68,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.139{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871776Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:47.378{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse181.214.206.229-53866-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 10341000x80000000000000009569624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.123{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.122{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.122{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.122{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.122{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.122{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.121{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.121{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.121{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.121{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.121{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.120{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.120{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.120{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.120{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.120{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.120{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.119{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009569538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}4620ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.datMD5=58FDE1A71D2ADB272DABB3A92B406559,SHA256=555933C7D5D49EBF3648EE1EF420E0C71835139B8A8DEF8FBA64C9EBE48B0C32,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:33.023{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871778Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:34.270{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=337C48A0A6E7064E401C4F626315ADDE,SHA256=938B7C48CD8F4D39BDBDF70DA86BDEED4497C6931B528377307376F780BC73E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569756Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.937{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=71FC72A80833A35D1A442B497195C456,SHA256=CFC339A7662A8A72BC17E2086AE839A98CC078706C112C2E9F2FA733697F6B6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569755Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.937{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=37A3D50A869C1DD5BC3A4CC7476DD9ED,SHA256=35FD1EAC4E2952747D7546E14FC677F8F94D3C8331E242771DDF8A039073CEE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009569754Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.837{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E46071366A9DD4AF18EA4CB968062C1E,SHA256=1F7C280CA3DDCFC1E2D9D6A84CE6E5FD75E5103FFCE4E5A91C866A77A546A3EA,IMPHASH=00000000000000000000000000000000falsetrue 734700x80000000000000009569753Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.253{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SysWOW64\wscript.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\dynwrapx.dll1.00DynamicWrapperX objectDynamicWrapperX-dynwrapx.dllMD5=E0B8DFD17B8E7DE760B273D18E58B142,SHA256=4EF3A6703ABC6B2B8E2CAC3031C1E5B86FE8B377FDE92737349EE52BD2604379,IMPHASH=5C1DE943A8B81217D14DA612C0C5B40Afalse-Unavailable 23542300x80000000000000009569752Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.253{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A4FF153772C714D7A46C1C13433D885,SHA256=98B5FB36CF5E082C8B14C777E204E63F64C09D3A8813E31FF49437F7852A747E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009569751Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569750Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569749Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569748Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-5A7D-000000000E02}1776C:\Windows\SysWOW64\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569747Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569746Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569745Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.200{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569744Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569743Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569742Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569741Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569740Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569739Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569738Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569737Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569736Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569735Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569734Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569733Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569732Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569731Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569730Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569729Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569728Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569727Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569726Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569725Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.185{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871780Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:35.344{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8D715784FD5CD1D765EC1F40F34121B,SHA256=59C2D7EF85149290E7D8A503198BC692C1B5D4E00959F5DE6B4F6A2032909E9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009570060Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.853{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=643E7180CF9E59E9A645200D244C4A65,SHA256=46605572A63584CF633A284B6C80E9A13B58DC17095CF84FED4BE45BB830F9D2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570059Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.584{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570058Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.584{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570057Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.584{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570056Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.584{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570055Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.584{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570054Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.584{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570053Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570052Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570051Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570050Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570049Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570048Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570047Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.569{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570046Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.553{CBEA6AB7-6A01-6192-1600-000000000E02}128096C:\Windows\system32\svchost.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570045Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.553{CBEA6AB7-6A01-6192-1600-000000000E02}12801336C:\Windows\system32\svchost.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570044Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.518{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B3D201F1EDD8DC595D056B97DC51A93,SHA256=6D650A547B2DF4FBD9140D3582BDEFFE6CA21F5BFCFBF294BCC353C5374D0C58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570043Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.500{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570042Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.500{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570041Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.500{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570040Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.500{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570039Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.500{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570038Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570037Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570036Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570035Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570034Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570033Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570032Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570031Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.485{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570030Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.469{CBEA6AB7-6A01-6192-1600-000000000E02}128096C:\Windows\system32\svchost.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570029Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.469{CBEA6AB7-6A01-6192-1600-000000000E02}12801336C:\Windows\system32\svchost.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570028Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.453{CBEA6AB7-5D73-6196-5C7D-000000000E02}84683384C:\Windows\system32\conhost.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570027Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.369{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38085D3E3CBBAA735BBDE4B65AA8E336,SHA256=E34500C07495A6DE599D4C436FD7AAB0BCB02D49735D12508CB5612B01F446D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570026Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.337{CBEA6AB7-6F11-6192-D304-000000000E02}40923908C:\Windows\system32\csrss.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009570025Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.322{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570024Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.322{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570023Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.322{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570022Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.322{CBEA6AB7-6A01-6192-0C00-000000000E02}8447548C:\Windows\system32\svchost.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570021Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.319{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570020Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a89ec|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570019Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a89dd|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570018Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570017Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570016Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570015Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570014Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570013Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570012Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570011Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570010Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-6F11-6192-D304-000000000E02}40921012C:\Windows\system32\csrss.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x80000000000000009570009Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570008Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570007Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570006Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-5D70-6196-597D-000000000E02}70327760C:\Windows\SYSWOW64\WSCRIPT.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9168(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e4c(wow64)|UNKNOWN(0000000005920169)|C:\Windows\System32\USER32.dll+d30a(wow64)|C:\Windows\System32\USER32.dll+c997(wow64)|C:\Users\ADMINI~1\AppData\Local\Temp\2\dynwrapx.dll+155b(wow64)|UNKNOWN(0000000006347C48) 10341000x80000000000000009570005Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x80000000000000009570004Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.297{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe10.0.14393.0 (rs1_release.160715-1616)Windows Winhlp32 StubMicrosoft® Windows® Operating SystemMicrosoft CorporationWINHLP32.EXE"C:\Windows\winhlp32.exe"C:\Temp\ATTACKRANGE\Administrator{CBEA6AB7-6F13-6192-9E98-2F0000000000}0x2f989e2HighMD5=9328E170E5407D9DDE7EB1E208A2CBB4,SHA256=B32AD4D55CD16563908C3AD06B38020FDC9679FBF1BF8EDFFE747EE4122AF62E,IMPHASH=5497DA35A50C4F06BF55433E33516141{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SysWOW64\wscript.exe"C:\Windows\SYSWOW64\WSCRIPT.EXE" //b //e:vbscript "C:\Temp\poc.vbs" 10341000x80000000000000009570003Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570002Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570001Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570000Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569999Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569998Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569997Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569996Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569995Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569994Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569993Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569992Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569991Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569990Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569989Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569988Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569987Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569986Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569985Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569984Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569983Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569982Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569981Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569980Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569979Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569978Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569977Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569976Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569975Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569974Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569973Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569972Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569971Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569970Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569969Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569968Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871779Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:49.411{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-53152-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 10341000x80000000000000009569967Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569966Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569965Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569964Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569963Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569962Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569961Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569960Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569959Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569958Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569957Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569956Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569955Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569954Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569953Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569952Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.284{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569951Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569950Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569949Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D70-6196-597D-000000000E02}7032C:\Windows\SYSWOW64\WSCRIPT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569948Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569947Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569946Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569945Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569944Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569943Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569942Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569941Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569940Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569939Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569938Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569937Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569936Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569935Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569934Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569933Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569932Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569931Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569930Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569929Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569928Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569927Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569926Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569925Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569924Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569923Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569922Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569921Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569920Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569919Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569918Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569917Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569916Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569915Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569914Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.269{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569913Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569912Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569911Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569910Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569909Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569908Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569907Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569906Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569905Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569904Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569903Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569902Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569901Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569900Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569899Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569898Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569897Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569896Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569895Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569894Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569893Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569892Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569891Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569890Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569889Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569888Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569887Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569886Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569885Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569884Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569883Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569882Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569881Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569880Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569879Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569878Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569877Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569876Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569875Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569874Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569873Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569872Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569871Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569870Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569869Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569868Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569867Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569866Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569865Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569864Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569863Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569862Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569861Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569860Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569859Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569858Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569857Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569856Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569855Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569854Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569853Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569852Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569851Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569850Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569849Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569848Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569847Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569846Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569845Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569844Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569843Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569842Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569841Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569840Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569839Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569838Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569837Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569836Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569835Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569834Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569833Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569832Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569831Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569830Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569829Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569828Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569827Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569826Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569825Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569824Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569823Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569822Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569821Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569820Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569819Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569818Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569817Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.253{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569816Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569815Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569814Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569813Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569812Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569811Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569810Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569809Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569808Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569807Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569806Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569805Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569804Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569803Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569802Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569801Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569800Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569799Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569798Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569797Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569796Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569795Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569794Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569793Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569792Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569791Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569790Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569789Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569788Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569787Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569786Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569785Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569784Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569783Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+1607|C:\Windows\system32\mscoree.dll+1a755|C:\Windows\System32\advapi32.dll+12060|C:\Windows\System32\advapi32.dll+116b5|C:\Windows\System32\KERNELBASE.dll+23d79|C:\Windows\System32\KERNELBASE.dll+2332d|C:\Users\Administrator\Downloads\procexp64.exe+7915d|C:\Users\Administrator\Downloads\procexp64.exe+a926e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569782Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569781Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569780Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569779Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569778Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569777Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569776Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569775Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569774Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569773Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569772Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569771Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569770Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569769Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569768Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569767Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569766Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569765Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569764Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569763Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569762Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569761Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569760Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569759Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569758Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009569757Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.237{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871782Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:36.407{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D2482944715CE6351B4A117A47E78B6,SHA256=7690A02CAEBE7BC22988F8FCEEC5D9C06AEDAF6AB604ED6A057146408A63484A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570182Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.618{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570181Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.618{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570180Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.618{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570179Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570178Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570177Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570176Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46203680C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570175Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F14-6192-DE04-000000000E02}41924312C:\Windows\system32\taskhostw.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570174Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570173Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570172Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570171Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.602{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570170Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.586{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570169Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.586{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570168Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.586{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570167Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.571{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570166Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.571{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570165Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.571{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570164Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.571{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570163Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.455{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79010DE49611AC248FBA19CD6175BADF,SHA256=DEA98C9FBF3F7FFDE970829BCB7B449A6A85351EDFBC219F250687A1A788187C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570162Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.418{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570161Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570160Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570159Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570158Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570157Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570156Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ntdll.dll+6cd1a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Users\Administrator\Downloads\procexp64.exe+51b6c|C:\Users\Administrator\Downloads\procexp64.exe+538b7|C:\Users\Administrator\Downloads\procexp64.exe+a9f81|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570155Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+79325|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+793d7|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b639|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll+1b529|C:\Users\Administrator\Downloads\procexp64.exe+747e7|C:\Users\Administrator\Downloads\procexp64.exe+a9f6e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570154Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|C:\Users\Administrator\Downloads\procexp64.exe+a9e0f|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570153Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\winsta.dll+1178|C:\Windows\SYSTEM32\winsta.dll+10b5|C:\Users\Administrator\Downloads\procexp64.exe+a5184|C:\Users\Administrator\Downloads\procexp64.exe+a951e|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570152Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a9381|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570151Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570150Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570149Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570148Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570147Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570146Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570145Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570144Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570143Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570142Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570141Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570140Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570139Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570138Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.402{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570137Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570136Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570135Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570134Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570133Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570132Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570131Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570130Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570129Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570128Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570127Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570126Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570125Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871781Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:50.009{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-55154-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 10341000x80000000000000009570124Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570123Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570122Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570121Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570120Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570119Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570118Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570117Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570116Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570115Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570114Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570113Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570112Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570111Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570110Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570109Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570108Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570107Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570106Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570105Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570104Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570103Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570102Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570101Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570100Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570099Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570098Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570097Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570096Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570095Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570094Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570093Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570092Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570091Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570090Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570089Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570088Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570087Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570086Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570085Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570084Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570083Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570082Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570081Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570080Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570079Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570078Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570077Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570076Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570075Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570074Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570073Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570072Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570071Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570070Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570069Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570068Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570067Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570066Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570065Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570064Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570063Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570062Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.387{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570061Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:36.287{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED9CC55A729EB4CFAF8F0812919D9DBF,SHA256=B4578D9E50585CC48FF33530E9B5D08CE5E1A6A8FD46DA2C1CB89118AD613C9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000871784Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:37.407{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=177DBDDF38DFC5EAD6855475CD731F53,SHA256=DA9E43C0CA4D8DB77EA2548492091A685E553A6E96FBFEEA0D6431FDF5BF8A97,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009570283Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:34.102{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50341-false10.0.1.12-8000- 23542300x80000000000000009570282Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.654{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=535D97B255F91D3F216CE563898A82D8,SHA256=D1DF1122F33562D847E7C262FD3765EA595099062A1C8A7E4EE3631372976459,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570281Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.486{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570280Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570279Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570278Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570277Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570276Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570275Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570274Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570273Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570272Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570271Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570270Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570269Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570268Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570267Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570266Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570265Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570264Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570263Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570262Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570261Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570260Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570259Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570258Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570257Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570256Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570255Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570254Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570253Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570252Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570251Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570250Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570249Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570248Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570247Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871783Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:50.736{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55386-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x80000000000000009570246Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570245Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570244Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570243Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570242Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570241Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570240Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570239Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570238Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570237Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570236Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570235Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570234Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570233Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.470{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570232Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570231Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570230Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570229Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570228Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570227Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570226Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570225Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570224Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570223Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570222Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570221Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570220Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570219Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570218Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570217Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570216Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570215Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570214Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570213Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570212Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570211Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570210Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570209Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570208Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570207Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570206Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570205Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570204Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570203Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570202Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570201Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570200Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570199Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570198Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570197Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570196Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570195Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570194Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570193Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570192Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570191Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.454{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570190Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.385{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62a85|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570189Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.385{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6299e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570188Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.385{CBEA6AB7-6F15-6192-E504-000000000E02}46207768C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5B7D-000000000E02}1432C:\Windows\winhlp32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62967|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7c2cf|C:\Windows\System32\windows.storage.dll+7b04f|C:\Windows\System32\windows.storage.dll+7dfef|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570187Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.370{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6165f|C:\Windows\System32\SHELL32.dll+62400|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570186Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.370{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c00|C:\Windows\System32\SHELL32.dll+623bc|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570185Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.370{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618b4|C:\Windows\System32\SHELL32.dll+62390|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570184Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.370{CBEA6AB7-6F15-6192-E504-000000000E02}46205052C:\Windows\Explorer.EXE{CBEA6AB7-5D73-6196-5C7D-000000000E02}8468C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570183Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:37.054{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4262518B7E927729FD0DD8B2CF52BFE,SHA256=359E6C105EBB2E4AD8921CCA5BB84C93E19F45CF6A5C62B14AB2E377CF14FBCA,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000009570379Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.144{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.251-46568-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 354300x80000000000000009570378Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:35.006{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.98-38932-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 23542300x80000000000000009570377Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.655{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B53392A6291715465C76A1403CE3CDF4,SHA256=80A6D78D2D52ADD34525B3FE05F9D47BF189E70D60DAF67DCAC0FD9046F04CDD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570376Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570375Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570374Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570373Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570372Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570371Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570370Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570369Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570368Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570367Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570366Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570365Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570364Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570363Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570362Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570361Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570360Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570359Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570358Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570357Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570356Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570355Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570354Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570353Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570352Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570351Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570350Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570349Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871785Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:38.407{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A86612A1D7D06AB86ED04BC70093EFF,SHA256=956C04A02D6E73026897A5109E98F215137D9BD657D562A3DCF6A14A28CB759E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570348Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570347Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570346Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.555{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570345Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570344Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570343Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570342Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570341Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570340Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570339Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570338Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570337Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570336Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570335Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570334Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570333Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570332Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570331Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570330Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570329Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570328Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570327Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570326Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570325Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570324Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570323Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570322Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570321Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570320Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570319Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570318Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570317Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570316Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570315Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570314Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570313Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570312Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570311Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570310Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570309Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570308Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570307Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570306Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570305Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570304Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570303Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570302Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570301Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570300Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570299Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570298Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570297Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570296Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570295Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570294Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570293Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570292Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570291Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570290Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570289Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570288Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570287Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570286Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.539{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570285Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.271{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2533CE40D3B46DAFA207E5916A2F7F3,SHA256=63134C2AA9A5CDA2706D0AB197035C387E227C0AD86CB03BE0DF88E02F89D27F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009570284Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:38.255{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=337F5F79624A9A85CD61C467721B6D0E,SHA256=64C691F789A4A48A21DAC0545B9A5C76821B949D524254E16E36AD73326BF86F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009570472Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.801{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED78BE7C3B62F5657A84BEBDE0EFAACD,SHA256=6FC92ABE9256A6D92E16109403072D33A268A12935DA7EFECCDEAE8D9A7DFD4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009570471Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.770{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A96C4FED4D46C8EA52AC63446073C55,SHA256=169830F58FC69DF4B4E5A14280857429F814FB09C3EFC3EB7EDD236112147A42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570470Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.623{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570469Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.621{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570468Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.620{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570467Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.620{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570466Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.620{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570465Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.620{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570464Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.620{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570463Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.619{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570462Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.619{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570461Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.619{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570460Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.619{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570459Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570458Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570457Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570456Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570455Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570454Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570453Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570452Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.618{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570451Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.617{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570450Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.617{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570449Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.617{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570448Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.617{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570447Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570446Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570445Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871787Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:39.407{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=909DB697159C31FD1205902497A95242,SHA256=608CC42F09E48B0979A0F366FFDC03820352F24A8488A477A886A5EEFDAD1D89,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570444Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570443Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570442Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570441Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570440Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570439Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570438Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570437Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570436Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570435Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570434Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570433Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570432Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570431Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570430Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570429Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570428Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570427Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570426Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570425Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570424Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570423Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570422Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570421Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570420Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570419Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570418Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570417Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570416Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570415Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570414Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570413Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570412Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570411Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570410Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570409Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570408Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570407Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570406Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570405Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570404Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570403Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570402Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570401Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570400Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570399Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570398Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570397Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570396Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570395Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570394Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570393Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570392Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570391Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570390Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570389Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570388Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570387Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570386Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570385Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570384Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570383Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570382Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570381Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570380Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.601{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000871786Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:52.723{068A336D-6C46-6192-1000-000000000F02}960C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse181.214.206.114-62497-false10.0.1.15win-host-273.attackrange.local3389ms-wbt-server 23542300x80000000000000009570565Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.937{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A06B564B3F2013E55309F574DD9510D9,SHA256=FD554DB7FD1709ACEE4EC625E567684540B3301CD5FCEDD1E2A4E47666F6CB21,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570564Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.685{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570563Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.685{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570562Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.685{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570561Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.685{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570560Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.685{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570559Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570558Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570557Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570556Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570555Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570554Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570553Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570552Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570551Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570550Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570549Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570548Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570547Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570546Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570545Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570544Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570543Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570542Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570541Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570540Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570539Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570538Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000871788Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:40.407{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6D3274CED849929E3BEE8A5BD49A54E,SHA256=98CBEF5C2F78D6F31BC5325D9265504869F60432D222EA69055E048F15000B24,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570537Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570536Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570535Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570534Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570533Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570532Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570531Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570530Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570529Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570528Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570527Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570526Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570525Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570524Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570523Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570522Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570521Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570520Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570519Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570518Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570517Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570516Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570515Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570514Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570513Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570512Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570511Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570510Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570509Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570508Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570507Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570506Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570505Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570504Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570503Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570502Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570501Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570500Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570499Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570498Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570497Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570496Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570495Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570494Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570493Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570492Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570491Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570490Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570489Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570488Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570487Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570486Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570485Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570484Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570483Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570482Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570481Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570480Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570479Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570478Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570477Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570476Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570475Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570474Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.669{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570473Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:40.622{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A20E057F9CAD2BA10C6AAE1D7B5F748C,SHA256=BD6AEC02725703FC071A2A8EB4633528CA55A24294A47CE235560160F2BD2C1B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570657Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.768{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+9bb73|C:\Users\Administrator\Downloads\procexp64.exe+a6913|C:\Users\Administrator\Downloads\procexp64.exe+837d0|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570656Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-5D6F-6196-587D-000000000E02}9096C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570655Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9376-000000000E02}5320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570654Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-24C4-6196-9276-000000000E02}2320C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570653Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8856-000000000E02}3940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570652Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-150E-6195-8656-000000000E02}984C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570651Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-1270-6195-2D56-000000000E02}8116C:\Users\Administrator\Downloads\dnSpy.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570650Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-0E3B-6195-6555-000000000E02}7452C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570649Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-FA53-000000000E02}7744C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570648Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04D1-6195-F953-000000000E02}7900C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570647Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F553-000000000E02}2020C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570646Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-04A7-6195-F453-000000000E02}8036C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570645Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3351-000000000E02}1072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570644Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-F031-6194-3251-000000000E02}216C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570643Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9734-000000000E02}3892C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570642Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-FC75-6193-9634-000000000E02}4476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570641Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-CCC7-6193-D72E-000000000E02}6508C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570640Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-C999-6193-6D2E-000000000E02}7680C:\Windows\System32\NOTEPAD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570639Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-352D-000000000E02}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570638Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BF48-6193-342D-000000000E02}3572C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570637Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BDA3-6193-F92C-000000000E02}8144C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570636Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BCB2-6193-D22C-000000000E02}2412C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570635Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BC78-6193-C12C-000000000E02}2160C:\Python310\pythonw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570634Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-BB83-6193-7B2C-000000000E02}4116C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570633Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-9A62-6193-9328-000000000E02}5708C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570632Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-936D-6193-B527-000000000E02}6292C:\Program Files\Greenshot\Greenshot.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570631Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F7D-6193-2E27-000000000E02}5760C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871798Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.860{068A336D-5D79-6196-F87E-000000000F02}31207132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871797Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D79-6196-F87E-000000000F02}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871796Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871795Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871794Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871793Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871792Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6C45-6192-0500-000000000F02}4081764C:\Windows\system32\csrss.exe{068A336D-5D79-6196-F87E-000000000F02}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871791Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.688{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D79-6196-F87E-000000000F02}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871790Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.673{068A336D-5D79-6196-F87E-000000000F02}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871789Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:41.407{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E37D67F73880ECA65707BC0CE17175F,SHA256=29D2DC0E34D0EB4449D793E57A64F6FEC12E0542E09335B1BE41906A1505F024,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000009570630Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-8F30-6193-2527-000000000E02}1668C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570629Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7961-6192-5306-000000000E02}5020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570628Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570627Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570626Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570625Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570624Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570623Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570622Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570621Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570620Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570619Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570618Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570617Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570616Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570615Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570614Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570613Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570612Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570611Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570610Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570609Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570608Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570607Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570606Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570605Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570604Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570603Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570602Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570601Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570600Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570599Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570598Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570597Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570596Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570595Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570594Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570593Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570592Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570591Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570590Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570589Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570588Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570587Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570586Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570585Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570584Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570583Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570582Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570581Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570580Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570579Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570578Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570577Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570576Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570575Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570574Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570573Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570572Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570571Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570570Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570569Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570568Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570567Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.752{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x80000000000000009570566Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:41.637{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=576B22CB6823FBC80360571F87C8EF16,SHA256=2EB6A24DEE66C8BC1DDE5A8BB7A3586C0EEB24028B25955CEF90C0D50BED3F71,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000871816Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D7A-6196-FA7E-000000000F02}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871815Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871814Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871813Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871812Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871811Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6C45-6192-0500-000000000F02}408524C:\Windows\system32\csrss.exe{068A336D-5D7A-6196-FA7E-000000000F02}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871810Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.891{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D7A-6196-FA7E-000000000F02}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871809Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.877{068A336D-5D7A-6196-FA7E-000000000F02}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000871808Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.422{068A336D-6CCC-6192-D400-000000000F02}3096NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D6CC681D67C2B1EC340243C8877C22F,SHA256=B888D44154BE0AE183DF9FF6FA74952F94D05D26AD2F8065C8BA65004D20B13A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000871807Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:56.549{068A336D-6CC7-6192-CB00-000000000F02}3384C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-273.attackrange.local55387-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x80000000000000009570724Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-7139-6192-5F05-000000000E02}6492C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570723Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5605-000000000E02}6612C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570722Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-711B-6192-5505-000000000E02}7044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570721Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70FA-6192-4E05-000000000E02}5068C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570720Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F6-6192-4805-000000000E02}7020C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570719Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F5-6192-4705-000000000E02}3236C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570718Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4605-000000000E02}6888C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570717Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4505-000000000E02}5928C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570716Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F4-6192-4405-000000000E02}5388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570715Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-70F1-6192-4305-000000000E02}6104C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570714Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0405-000000000E02}6304C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570713Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F2B-6192-0305-000000000E02}6296C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570712Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F22-6192-FD04-000000000E02}4404C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570711Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F21-6192-FC04-000000000E02}4368C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570710Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F15-6192-E504-000000000E02}4620C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570709Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DD04-000000000E02}4136C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570708Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F14-6192-DA04-000000000E02}3932C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570707Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F12-6192-D604-000000000E02}596C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570706Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D404-000000000E02}3976C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570705Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6F11-6192-D304-000000000E02}4092C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570704Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA7-6192-E300-000000000E02}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570703Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570702Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-B000-000000000E02}1056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570701Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A9A-6192-AC00-000000000E02}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570700Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A8C-6192-9100-000000000E02}2236C:\Windows\System32\msdtc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570699Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A14-6192-4700-000000000E02}3708C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570698Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A13-6192-4400-000000000E02}3664C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570697Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A12-6192-3300-000000000E02}3136C:\Windows\System32\vds.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570696Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3100-000000000E02}2652C:\Windows\system32\wbem\unsecapp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570695Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-3000-000000000E02}3068C:\Windows\system32\dfssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570694Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2E00-000000000E02}3004C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570693Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2D00-000000000E02}2988C:\Windows\system32\dns.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570692Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2C00-000000000E02}2968C:\Windows\System32\ismserv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570691Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2B00-000000000E02}2960C:\Windows\sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570690Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2A00-000000000E02}2952C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570689Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2900-000000000E02}2928C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570688Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2700-000000000E02}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570687Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A11-6192-2600-000000000E02}2752C:\Windows\System32\spoolsv.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570686Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A0B-6192-2300-000000000E02}2576C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570685Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2200-000000000E02}2472C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570684Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A05-6192-2000-000000000E02}2456C:\Users\Public\splunkd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570683Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A02-6192-1F00-000000000E02}2084C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570682Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1700-000000000E02}1392C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570681Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1600-000000000E02}1280C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570680Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1500-000000000E02}1232C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570679Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1400-000000000E02}1100C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570678Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1300-000000000E02}776C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570677Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1200-000000000E02}476C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570676Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1100-000000000E02}404C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570675Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-1000-000000000E02}380C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570674Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570673Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0E00-000000000E02}1004C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570672Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0D00-000000000E02}904C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570671Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-6A01-6192-0C00-000000000E02}844C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570670Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0B00-000000000E02}624C:\Windows\system32\lsass.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570669Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0A00-000000000E02}616C:\Windows\system32\services.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570668Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0900-000000000E02}564C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\Downloads\procexp64.exe+a822a|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570667Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0800-000000000E02}488C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570666Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0700-000000000E02}480C:\Windows\system32\wininit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570665Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FF-6192-0500-000000000E02}408C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570664Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0200-000000000E02}324C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x80000000000000009570663Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.799{CBEA6AB7-0FDB-6195-B155-000000000E02}67084144C:\Users\Administrator\Downloads\procexp64.exe{CBEA6AB7-69FD-6192-0100-000000000E02}4System0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5d64|C:\Windows\System32\KERNELBASE.dll+25803|C:\Windows\System32\KERNEL32.DLL+169c0|C:\Users\Administrator\Downloads\procexp64.exe+a8288|C:\Users\Administrator\Downloads\procexp64.exe+836d5|C:\Users\Administrator\Downloads\procexp64.exe+c799c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x80000000000000009570662Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.445{CBEA6AB7-6A01-6192-0F00-000000000E02}364C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.100.87.36-33564-false10.0.1.14win-dc-970.attackrange.local3389ms-wbt-server 354300x80000000000000009570661Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:39.133{CBEA6AB7-6AA1-6192-DA00-000000000E02}3684C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-970.attackrange.local50342-false10.0.1.12-8000- 23542300x80000000000000009570660Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.699{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BE1C93EF473D6910CEE2F19EEB790C40,SHA256=9C3E42763F5276FCA1A7AEDDC7FF732AE07A36204F94EC79F1F4D1C93F7A2586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009570659Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.637{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0DEC4653E5D006C583502C7CA838E16,SHA256=624E529283C472ABFF529E99912D247C7A38EE25B0B755542D88083012BFB3F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000009570658Microsoft-Windows-Sysmon/Operationalwin-dc-970.attackrange.local-2021-11-18 14:04:42.052{CBEA6AB7-6AA7-6192-E300-000000000E02}1300NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DFBADF6356C4C4471490EEABE669C70,SHA256=BB5A270246FA750822685D635B1552D067128FCCE8FF42932F72DA09F9CB76C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000871806Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6CBE-6192-9D00-000000000F02}22683424C:\Windows\system32\conhost.exe{068A336D-5D7A-6196-F97E-000000000F02}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871805Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871804Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871803Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871802Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6C46-6192-0C00-000000000F02}7246648C:\Windows\system32\svchost.exe{068A336D-6C47-6192-1E00-000000000F02}2016C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a583|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d3c|C:\Windows\System32\RPCRT4.dll+4a284|C:\Windows\System32\RPCRT4.dll+4919d|C:\Windows\System32\RPCRT4.dll+49a4b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000871801Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6C45-6192-0500-000000000F02}4081012C:\Windows\system32\csrss.exe{068A336D-5D7A-6196-F97E-000000000F02}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000871800Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.376{068A336D-6CBE-6192-9900-000000000F02}38762264C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{068A336D-5D7A-6196-F97E-000000000F02}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000871799Microsoft-Windows-Sysmon/Operationalwin-host-273.attackrange.local-2021-11-18 14:04:42.361{068A336D-5D7A-6196-F97E-000000000F02}6836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{068A336D-6C45-6192-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{068A336D-6CBE-6192-9900-000000000F02}3876C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service