10341000x80000000000000006796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0104-615C-3201-00000000FC01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0104-615C-3201-00000000FC01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.886{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0104-615C-3201-00000000FC01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.887{49C67628-0104-615C-3201-00000000FC01}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x80000000000000006783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:42.964{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49845-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x80000000000000006782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.418{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F98004291AEFDE3A73AA3F1E24E033,SHA256=9150CF84DB794F728F9A99889DD77CD179BD234A3A2C9FF15A4A7BE7E5804F57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0104-615C-0105-00000000FB01}5496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0104-615C-0105-00000000FB01}5496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.741{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0104-615C-0105-00000000FB01}5496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.742{6EDEAD03-0104-615C-0105-00000000FB01}5496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000022388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.272{6EDEAD03-0104-615C-0005-00000000FB01}63085440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.256{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=626AFAD9846CD4117BC96A1C4127B93E,SHA256=FF4FA84FFB6DB7497BFECAA6C56A2D8DB0C1A37FE35D7FD6596BAA7AE12976DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.210{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=76F2ECFC954A1A9336CBFDA4904F894B,SHA256=C7DEEF5E79E08DBE66B7DDC0E924CBE23568E008A33AA850E2426C3FF3B71366,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0104-615C-0005-00000000FB01}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FC1D-615B-0C00-00000000FB01}848988C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0104-615C-0005-00000000FB01}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.069{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0104-615C-0005-00000000FB01}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:44.070{6EDEAD03-0104-615C-0005-00000000FB01}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.902{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A6EBA84193DAA867FE262F9F28BF84B,SHA256=E3E25F040A30896D6A8B87F425F285C6C2C1F8DDC5FA01401EAFF12995BEE574,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.902{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=722ACB7E298526C0BEA6BBA9833BDE96,SHA256=399F6630B4A73C7D0AE7799AA59BFF8E3DCB093D37EA0D13654B2A5B94087641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.621{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=167029A5A3158C15ABBF55A06C6433C1,SHA256=9CCAC5820238BF855957575CA6F727D36C2C6CDD3FE166DFD0F15A9127E0ACAC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.574{49C67628-0105-615C-3301-00000000FC01}1844520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:45.835{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98EA76BEDB4C6C7B14C0529C72A5ADC4,SHA256=4D97FED8BFD4BECB5A3482B25AD9FB0DA6631ABAA79C5B162ED65702281079D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:45.257{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05A06C9C0119237750746F868F6A4341,SHA256=87C9E10A68914A9CE5AB13516BC2E29DB32F364AC8999DBBB3E671EBD937A4C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0105-615C-3301-00000000FC01}1844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0105-615C-3301-00000000FC01}1844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.386{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0105-615C-3301-00000000FC01}1844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:45.387{49C67628-0105-615C-3301-00000000FC01}1844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.699{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C840E54CC4D46A521FD389C47B3D891B,SHA256=AC37215310B41FAA675D8F2E7AB7ED4AD36A87D406C349BAD79B9368F7FED0FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:46.272{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC5DFBD2C41086F98B0FAA7026AC6206,SHA256=58AA3F631FDC24C65E75B3836067727D19922147A8690632F2F1601D0234C6E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:44.073{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49846-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x80000000000000006826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0106-615C-3401-00000000FC01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0106-615C-3401-00000000FC01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.027{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0106-615C-3401-00000000FC01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:46.028{49C67628-0106-615C-3401-00000000FC01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.918{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8DE6670F1DD5B0A0F47C4B56750283A,SHA256=1B5D9CE21BD5F3FF97A874DA21812D9ECDD26240E5EE1DC36BC35C2687B7E9D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2700-00000000FB01}2896C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2700-00000000FB01}2896C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.975{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:47.288{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F25EEF49C61040A87C24B39201AE3DE,SHA256=343AD292FD9D4B120C9C737BAD0F5C91E802054F68AF8AE44F7AB4A2D1424611,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.418{49C67628-0107-615C-3501-00000000FC01}25762848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000006842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.184{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A6EBA84193DAA867FE262F9F28BF84B,SHA256=E3E25F040A30896D6A8B87F425F285C6C2C1F8DDC5FA01401EAFF12995BEE574,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0107-615C-3501-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0107-615C-3501-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.170{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0107-615C-3501-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:47.171{49C67628-0107-615C-3501-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:48.600{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9F38CBE0E8A3983D82DDA577C80FF08,SHA256=C66574C3E71936E9B9A83BC8AD9864DD6A308311BD224965DCD37BF57CBFB4FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:45.833{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61880-false10.0.1.12-8000- 10341000x80000000000000006871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0108-615C-3701-00000000FC01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0108-615C-3701-00000000FC01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.933{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0108-615C-3701-00000000FC01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.934{49C67628-0108-615C-3701-00000000FC01}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.449{49C67628-0108-615C-3601-00000000FC01}35881344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0108-615C-3601-00000000FC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0108-615C-3601-00000000FC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.261{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0108-615C-3601-00000000FC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:48.262{49C67628-0108-615C-3601-00000000FC01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:49.444{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EF35A74DBDD14AC3566E7A926670D48,SHA256=4E747E3462A5F2256D2688CBBAF11C4BE18CCE385B34E8596C9D1D7F0EDEE72A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0109-615C-3801-00000000FC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0109-615C-3801-00000000FC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.761{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0109-615C-3801-00000000FC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.762{49C67628-0109-615C-3801-00000000FC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.480{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FCA4A937CAB64F4CA52A3FC83077301,SHA256=9B6925DA5EB7C99131696BA1CCB672FA7C4BD868BECE8745EFF1CB2F5BDBDB04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.480{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=480DA0288C668F4B38449F6096427C77,SHA256=C0BBF17DAD8E8986B908BCE82C1C5FF5CAE31651778B5355C79BEC5D2561C2AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.183{49C67628-0108-615C-3701-00000000FC01}33003108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.663{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F09F06BFE02C86B9C2055AC9F417A02,SHA256=AA74BD26DE563103A915134C0A188C6E131C3075B509BE0ED7547646BB496AAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:50.871{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F91138F5F2A6D853C38BEED218400D41,SHA256=65A74B1E7008D3A2F7E09D7FBD5E5C6AE78BFC43E242A3FF7F582B1026FBD343,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:50.418{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25357BD82D88DB6DBB14B1935E47221C,SHA256=C799769F099499A62C0B352BD99917903DBC0923A5293BC68A1A634119521FEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.366{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=C6D078A5E7139BB22101720F257D466E,SHA256=B654527B9E2194805BCA6ADFCCA16F9A62FD2173FB2DFD929F9782D9D62B808B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.116{6EDEAD03-FC1D-615B-0D00-00000000FB01}9082492C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:51.694{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F2002758FA84EF07C0BEC7A1A142EE1,SHA256=5B112DEBEF975CE3687D39D1C6DA4253AAF84AFC756FBEAB4DE5390F0A2553E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:51.465{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3D05DF363B238D1147929B13314B4A1,SHA256=1FF0ED7239E45AC2BE8700C8F7CA056E95541D6C29B18B01B0B1A76BBB47E288,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:49.091{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49847-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000022448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:52.772{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D1993C04F6E8D2F0B9ADC5ED778B885,SHA256=69DFDFA00072A599B5C0A2B908A6618EE104216A46CDD666D4F5A898BC12ED1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:52.985{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-012MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:52.481{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFB0121BE42112B312C4D88F74B3EF40,SHA256=9CBE7DB4F2BA7C4DED43C987403B8F86522EDDEABE541CA965C532EC23F70015,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.043{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local63701- 354300x800000000000000022446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.042{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local56857-false10.0.1.14win-dc-676.attackrange.local53domain 354300x800000000000000022445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.042{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local56857- 354300x800000000000000022444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.042{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruea00:10e:5f45:5252:c840:3d9e:80e5:ffff-56857-truea00:10e:0:0:0:0:0:0win-dc-676.attackrange.local53domain 354300x800000000000000022443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:50.041{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54268-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 23542300x80000000000000006895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:53.996{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-013MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:53.482{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60BD5EA555EDE3C326198A9F0FAD4743,SHA256=B4A2ED098DAC9794BCD84B9CA749585D36994618821AFA7F90D45D810AB2C4E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:53.819{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=610E8FA15AC1C6C7C76134842C53517B,SHA256=A7F4523F55946AFEF6DA0FC61B58FED27C696D650E58050B40475CE4898AF3D1,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000022449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:38:53.710{6EDEAD03-FC1D-615B-1100-00000000FB01}480C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b9bc-0x0c010488) 23542300x800000000000000022452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:54.850{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ABB30D17330472E056D150170CE7CD3,SHA256=EE466E2EA3F5532C8F0F62478B9A0DF605055DF715B62724D6E7D787611B38B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:54.494{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC514E08E068CACEA69B807FBBF9AD3E,SHA256=6A2FF2FD94A98D41338DCF06B46859FB1DC8D0D1DAE6E5C7AB4099F250C7E1F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:51.865{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61881-false10.0.1.12-8000- 23542300x800000000000000022453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:55.881{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E365895586912043913EEEAB5FE9F839,SHA256=B5EFC3526350C4DD62B0F8E61058AB51A014E4016A9E065C50198BA6686A8D7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:55.497{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D779C22BF7325293634E35F6F58C8469,SHA256=6AF2EE400536CBBEE90FC9B339328309798EF46624B72CB58EC81F6C1CA633C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:56.882{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16731E0C5884374A934CA4C372036BF0,SHA256=2E50D258E12B70048C98E1F78F886CAC477CABB4C92A3337FDA0DF43C355667A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:55.105{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49848-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:56.512{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4A1270E00A3DE3AD1B9E7542981FCD,SHA256=621ACE6871945D73BA285624EDBD883AE42AC3AADD6891A03441D5AD4B440BAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:57.524{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CFCFE670580B20E5BF1D7E798F8FC60,SHA256=00203C5A3094B81CA56C627C4E7100A8A472A3DD4BB1C725730F574889CD011C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:57.893{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=310D9794CE42F76E45AAC07C2207ACBC,SHA256=29804E102E97B241F27508918ADCCBDA3D31BAA9CE189A81149D946EAD172B28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:58.925{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AF49DC34976838FFE0C26FA58AB1512,SHA256=72500DB3B65014DA01A150003D77EC9D27AF813C5A3A45D92F790128FF62C4BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:58.539{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9384CA20718D4BC7A4494C2223973328,SHA256=D29655255048C63048A5F9AB04B6C3DDF1F71B34C210129B7F221FA8B002DAAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:59.925{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=527FF4EA55B839774D9A581A4EF0F7B3,SHA256=CBEE8760515145AED46F37643967B298FE273DFE885AA2CDEBF562794A3C1BB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:38:59.539{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10315DE835EDB765A61844B648914A2F,SHA256=61E0048FC63952477D35989296707783428683CD0989FC42AB84E4864698D958,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:38:57.627{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61882-false10.0.1.12-8000- 23542300x800000000000000022459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:00.940{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7BB784EBC0FA71D42D9350C50DCE5AC,SHA256=4AA804524D9CFAE7CBC012DF2FC3058903093E593A0A2A18DAABDDA48B47CAEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:00.555{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88195BF7A017BAA387CCCA18DC758368,SHA256=560E13CBB2958BA9337E80D009C7E015CB1770CD5F47D3666D5407C5A9CE36DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:01.956{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37995E82A8208CE7FA5DAD7694B52587,SHA256=9909BDF394A64D9C35C5E7C6DAE1EDF2EFD0063BDD69F617B473C208CDAFCC59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:01.571{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34F05AB7F010672E057D91661A0015F1,SHA256=604B18917A90263560DCBEB7A860C45BC1B7083A6D438192546A1BEFB0333A97,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:00.210{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49849-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:02.571{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=039E59D9DA23B7A06B2E8039AB43D51D,SHA256=551B6388B41ABA4E70071004FABA9E3539FD228BE0200310C61514E8DC67C9CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:03.586{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F7BCB33571C241C463C84CB8591425C,SHA256=3C10DFB1A382C27CC356088806F775C9DC78984CD3D2435B44CF74CB9189BB45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:03.018{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19B13B778F6446FC67098E9167EED229,SHA256=38007EB2241500D81718AC238BECE0F219B880F3A93027A05D0FD0E1851577F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:04.586{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=449D5D0C4775BB769E9C90E36B3C91FA,SHA256=5356F5B29842CE1D73CFACE59FF7499842D6EAAFDFAAD47CCDD3B7F202C17552,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:04.034{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1751590E2C4773D77AB43401157DE398,SHA256=E0B704A29DD22BD780DD0722A61FB62D707D4923A52F5227C64564868D733813,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:05.820{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=467B3A25E244766046BB676DF4AAE7E0,SHA256=76156A6DFE43A063C1CBCFA7557D5FC9F12B3DC9E173F6EF4D2B40F8B141F7E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:05.050{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B45454336E8E8C026687ED59CBF221D5,SHA256=AA1032DF4534BB2F0B8001ADBE0763BAC05BB09F780F00FAD834E33A60D3CFF7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:02.705{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61883-false10.0.1.12-8000- 23542300x80000000000000006910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:06.977{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60D5FF5702999B3B58218A49D2C99FD7,SHA256=7C5E72266AAC030C56EB10093CCD8836EE79F2703760DF7023150F316ADE0831,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:06.050{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7E7E3F1A3809E2EBAAD9295FAF9E2DA,SHA256=8A46D0AD3B41F1188858F148AFAE72CACEAB44C57D10E7401DAD37C6973BAD18,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:06.132{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49850-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000022466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:07.050{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB39691E6D4B05557506F35175D6D104,SHA256=E5F33DC271D2BF8E11EEB76DF9AAFA96D52F850E2E80906690A63F2A7A8C4866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:08.211{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAC755413C76130A523E067F468D1385,SHA256=AADA9C4C0F196377BB53788EA56C475168A8C55E50D9493BBEB3D4B097CC178A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:08.190{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=605E79988B530E3869B96BF7F17CDF7C,SHA256=658716D040E59F3E6DEFA421B4243CD552D840DF0CB62CA314D283E88A32793C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:08.128{6EDEAD03-FF62-615B-F102-00000000FB01}49805088C:\Windows\System32\taskhostw.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000006913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:09.258{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A865175F9F9EEB48A5328B91F4EF8F35,SHA256=DF7B2487E1A3845B4145774152EFD886FEFE80C75395563F50B857C458B995B6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50525880C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50525880C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50525880C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50525880C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FC1D-615B-1600-00000000FB01}12881440C:\Windows\System32\svchost.exe{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FC1D-615B-1600-00000000FB01}12881316C:\Windows\System32\svchost.exe{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.972{6EDEAD03-011D-615C-0305-00000000FB01}57405284C:\Windows\system32\conhost.exe{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.956{6EDEAD03-FF5F-615B-E202-00000000FB01}9724272C:\Windows\system32\csrss.exe{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FC1D-615B-1300-00000000FB01}10321464C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FF5F-615B-E202-00000000FB01}9723852C:\Windows\system32\csrss.exe{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.940{6EDEAD03-FF62-615B-F802-00000000FB01}50525672C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+3d433|C:\Windows\System32\SHELL32.dll+3d2fb|C:\Windows\System32\SHELL32.dll+3cc17|C:\Windows\System32\SHELL32.dll+3c8dc|C:\Windows\System32\SHELL32.dll+e2157|C:\Windows\System32\SHELL32.dll+e20b5 154100x800000000000000022470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.941{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-FF61-615B-7756-1D0000000000}0x1d56772HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000022469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.190{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90EEEEFC8F8EBD92A4CBA4CF3DEA46BD,SHA256=32DDF5F24BC13C2854DB84801D9F220488A6FF21D42F118EADA95FECD7AC30E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:10.399{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B0B9E0C60BF165ED901B9E75C9624A8,SHA256=CEFC5F39BCAA51DB02F5965243B476F09A84AD6D2E3065145389B032CB925C1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:08.720{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61884-false10.0.1.12-8000- 23542300x800000000000000022495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:10.190{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCAC0704579B76CAABAB8C32A3B497BD,SHA256=25DC53FEE23E4419650FD751A55658BF3335773B468A2A63E99CAC31957FAF94,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:10.003{6EDEAD03-FF62-615B-F802-00000000FB01}50524504C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:10.003{6EDEAD03-FF62-615B-F802-00000000FB01}50524504C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:10.003{6EDEAD03-FF62-615B-F802-00000000FB01}50524504C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:10.003{6EDEAD03-FF62-615B-F102-00000000FB01}49805088C:\Windows\System32\taskhostw.exe{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:10.003{6EDEAD03-FF62-615B-F102-00000000FB01}49805088C:\Windows\System32\taskhostw.exe{6EDEAD03-011D-615C-0305-00000000FB01}5740C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50524500C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50524500C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50524500C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:09.987{6EDEAD03-FF62-615B-F802-00000000FB01}50524500C:\Windows\Explorer.EXE{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000006915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:11.539{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7CCE6830922FFA2CBADCA1354D21845,SHA256=E35746D12DBECAC2B0E0749B2A2685D8FCD8C47E259290A4E008D4DD7368BBFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:11.237{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8EFA3A65A4901BEB2006227671B8B37,SHA256=7FA9FFD4F3DE64BF29FD6A6E6DD0329566DE2BC77A9722990EAE73F013C6CAA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:11.034{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=314EED7D75DD0651B2DE74D719C8B562,SHA256=57878D73DACFDFFA86BFAD4332715F0A9D421C3E867063C0A98094543AD62B59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:11.034{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7C193D05354FF2E0F1AEC51E04EEF990,SHA256=436451D9283F84C43C7665D2EE1648384E6C4F2F945F9D429A8E656297EE4D60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:12.648{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A58972AC1051DDCFF2B9E1CA38F4719F,SHA256=5400B7445E6B0CF7A12492856317A887B79BE85F1334FB08FD7BA12BE3AF57B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:12.253{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22D033599D5FCE4E3348BBA5A98F4963,SHA256=6B277D79485559E6E13B9CC04524F650176134CE784C6713D234DF0AAD4907F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:12.179{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49851-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:13.648{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5D75FFE8697013B5E89FDA023272264,SHA256=55A3C9DF9E56FFC13544ED87FE1AAC9C8B226CAE9EBC72DFA2E0768F9F4549A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:13.268{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A63788191650DC90644C77A3BF3B7D77,SHA256=BF6792F37571410F82FEEED657638BDF8F9795D84FB01683D3BDF76FD477E46D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:14.268{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9A4A2CA7ECEC8AA476DDF8934E66E56,SHA256=60E8817D97A18B99F3E72BD6AACDD60F6EA1E0445E144E031452A14C41F846FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:14.648{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8913F02EFF395F3D8B537D2410DD7E11,SHA256=1720244DABA9A3A0263369FD4DAA64EB220DE1F1B54889FEAB03F0108318AB44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:15.487{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E216F441D75D235239D30AE7FBC5220,SHA256=273C362A5F49A414151A272EBF2C10ED17A2946C49CE178493D8D19EC48FB614,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:15.648{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70F1EF3BE0B082DC024D762894ACF9A5,SHA256=998B3A323D7D75C3F7744EC42670431CF3C1A42170544621AE669AAE3BA973AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:16.648{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D0186ED942C9F5C47C7284E9F8DD95D,SHA256=5A60AB7769CCADEAA01CFED2ADB7F5169E905FD2C1273FFF91A654BCB6D481F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:16.487{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F4154BAC28ED9DE7D03C9AF87AEE3F3,SHA256=B99166D3595685754F3A4A34F430D956B026A114D35FB1642E5745E8275037CD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:13.777{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61885-false10.0.1.12-8000- 23542300x80000000000000006922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:17.653{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=026FF4FCF7C035C3591FCEF6B0A94DD3,SHA256=46E5E55AD79F0A25662C94C11BE9E7C97D04F86F79BD53906673CABDD03064B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:17.492{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5C1D03354B26B06D644485293A2BDD8,SHA256=9E12B57AA445A8DDE671E404A4CF538DDF14E28421D12145931E5CC379EA317B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:17.305{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=827C5893E27DA0BFAFE50A77C7C9BADF,SHA256=71087A092C8F7799755DC82AF23481711F5B9F5C342B4D680DD171F59AB7F2D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:17.305{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=314EED7D75DD0651B2DE74D719C8B562,SHA256=57878D73DACFDFFA86BFAD4332715F0A9D421C3E867063C0A98094543AD62B59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:18.508{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E945E00925073B3EE253B1E09E9D08E,SHA256=DA5F779253BDB0338F3950DA218EE5B818FF94853A9214E9538D9C2287529049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:18.653{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9E46D8BE76FBA637B12ADAA5B9FAB23,SHA256=302880F967D9DC90EE57786ECEDDC506AF3458ED9DFDA1A8E5BA4888CEE950D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:15.893{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61886-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000022509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:15.893{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61886-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000022512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:19.523{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F282E4CEC8376305112DDCBF37297E6,SHA256=84FC3EB154C2D408F904C57AAF49D791AA555695AAC35A211DD77D36492D083C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:19.669{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3670B2157CA28E3CAA934FF697F3320A,SHA256=6BB1F333E6543415D4A2A03F5928AE3F67334128C09B98D7890FF88C11A8C48D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:20.669{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18886B17439DF3F430DCEAF9BCE26467,SHA256=515079BA91DA38EEE0814F831FF248AE2969DC57238E0DE1601100A382D44789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:20.539{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14FC6C834E160D6A839AC6A0861F9A22,SHA256=EC0D73E1CA8D1E6F0A9597B5271B7CCABD5092737E82881B0B4ABB6741EE251F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:18.199{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49852-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:21.669{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09119722B9A0E2C31030EE9D92776283,SHA256=1ABB72581DB9C053D9BB477C0F8348B78599928A9327DEA0D4AE38477A5D74FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.539{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9125BF837BDB6FDE864E102A295D5F8E,SHA256=2F1AE5A9014C257093D07562DAF73B4B7CF86C84FD163B4127B74C99D95F2ECB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-011D-615C-0305-00000000FB01}57405284C:\Windows\system32\conhost.exe{6EDEAD03-0129-615C-0405-00000000FB01}6880C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-FF5F-615B-E202-00000000FB01}9723852C:\Windows\system32\csrss.exe{6EDEAD03-0129-615C-0405-00000000FB01}6880C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.070{6EDEAD03-011D-615C-0205-00000000FB01}54284716C:\Windows\system32\cmd.exe{6EDEAD03-0129-615C-0405-00000000FB01}6880C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:21.081{6EDEAD03-0129-615C-0405-00000000FB01}6880C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigestC:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-FF61-615B-7756-1D0000000000}0x1d56772HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x80000000000000006928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:22.669{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34479FC2B3206C66B178FE27FE79F16F,SHA256=FFB40D01DF97FAAD5B6FED53D1D7CF50D751A29619B04D87201DC280847C242F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:22.539{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31564490F1BC086B369954E0B3D54C5,SHA256=09F4F2A13FAEA4505CDD5490181DE9B9A9D8519AD5E7F2DA25A05B9D52DE1731,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:19.741{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61887-false10.0.1.12-8000- 23542300x800000000000000022523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:22.102{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=827C5893E27DA0BFAFE50A77C7C9BADF,SHA256=71087A092C8F7799755DC82AF23481711F5B9F5C342B4D680DD171F59AB7F2D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:23.684{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F61B9E987891255FAAA3B81B7A63101E,SHA256=100DBDED98BF57CA4763DE00C8DE332565B8F9E6CDF077D1917541E6D5113FAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:23.570{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09C6E9648B64601968C6D6A22E291A08,SHA256=17581E20C520110C81626DBD35E2C2C36BCA4EF58091FCB35A61701A22858CB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:24.700{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23E8C5C9662E0214322E8EFC3AC625D4,SHA256=2C362E22AB4EC54A20A74AD1E88D1DA14FF313F97C67F628DA61EA96F4DFB408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:24.586{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E987B23E16EA319C72E4198DC6128E2,SHA256=FAA649598DDCA28A550F111AC7BBF08D9BBD2EECFF8BF7D23E031B36A756E545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:25.700{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2917358F705826AF5629E19F2E2AAA67,SHA256=2E3740AB571C0EF9F310FEBFBA6F8663BF6E17E601C6B4D6C9EE6A66164AFD75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:25.586{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57D3BD5D0C9C7E61D82185F75D6E37E6,SHA256=1612A7E7D440F5AF0FA2E167521D96B86015E8472923CD12DC759C4AE05786D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:26.700{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FF7409C578AA2D724D297BFC50E2254,SHA256=DF0E44AA02F7D03433F7109B8FDD76F2EB195CEC5CD14F91F50F47A31EF8FFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:26.602{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=915D8CAC584291C2867E195ABDB3220A,SHA256=A0F4141B8B1778E836A5DEC37F2BD44E16B163FB533432AC9668EFEACBBEC12E,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:24.246{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49853-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:27.700{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F285D47C19CDC551820EB033B5CE2F00,SHA256=DCEF38880ECAB3962221004830541F48635B37DD24630FD597DC60D8CB4A20F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:27.680{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E6D120B59035CB6288B36BC1A468D43,SHA256=26ECFAA6611813C1AAC1FC13E20BDC553B9694F2C793DA4A14E1003B86B94018,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:25.726{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61888-false10.0.1.12-8000- 23542300x80000000000000006935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:28.716{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E14553BE3542DB0550858DC45D6D6E4,SHA256=6DC2E0FDBF78AFF1EF5154D743D64A1E6B1DED1C80297D4082B9F72AEC3BCF0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:28.774{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCE638691EE4CE3F0D3696AA7C5C1AEA,SHA256=B0509312A829D88A3EC778B8A7B7E723259735C268A237B8D6AC803B7BAC1A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:29.789{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EF6F1A1D59FDF0396DD84C6767BDDFF,SHA256=86A16B864627330040E954E1760DC5C68EEB40BA21DE5CBBE9F34E39BABB17D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:29.731{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=409DAA765F7DE65DC4714A87CA022476,SHA256=5EB8CBEC01E4F978B7D1235D9B12A83EE274C369A765C001E1DC7AA53EF33C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:30.731{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44E72E234603DC78185B8442CA30CC92,SHA256=59B6EA3010204AC82D218EF25E79E825160762630738711A95A9B07D660CC5BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:30.790{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C342DB493310EAB21B5F49EA09DC4BF,SHA256=512FD1A5E37E3A13CA84EFB55BEFC33BC9F40E204A9FFD99F085F19AEFB99F73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:31.747{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C21FD59749A7C497F457898128B24AD5,SHA256=7CAD5D09195505EF490134F3C4850F91780089D11A01BFEAC4AD9D71EB91E6DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:31.806{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05D97E52D2F6012D5FAE41EAE436EC64,SHA256=9EB2C90C29805DE1AF712D9D8149EE5E081E62751B7AE1EE9E02ABC1166CB966,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:30.293{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49854-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:32.762{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=922C98D5A4C4A58E3F303AD19AF601B2,SHA256=D041E6E806104EA4427A9DC5BA5C7E2D98777C399E818BCA8DAD6E6CD6C554E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:32.821{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE332043C0984B322E3487FCF285D7C0,SHA256=FE23F2C7285DA41FC76150549DFACEACB756A6F7585B6936A13131BA831EB6CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:32.137{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=9395EC316069F09B7D7D2D560A1DF1AB,SHA256=A5F1BF525ED970BF8CF54837009A7F7CD1510DD4812378716C546655467BF927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:33.836{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA4911A80A14E705FF9AC7E8647C777C,SHA256=75B3221E1D91E2D6A3B2777071E6B5EE86843AC88F105317355A46F74507FA34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:33.778{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1708F7E19058145B34C565010BC25C34,SHA256=71883625CA36B5B0F14B0FB440D8D24D2887163278EE8E0176BD36B3FE8B1C11,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:31.725{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61889-false10.0.1.12-8000- 10341000x80000000000000006946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:34.965{49C67628-FDEB-615B-0D00-00000000FC01}7762624C:\Windows\system32\svchost.exe{49C67628-FDEB-615B-0C00-00000000FC01}728C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:34.965{49C67628-FDEB-615B-0D00-00000000FC01}776936C:\Windows\system32\svchost.exe{49C67628-FDEB-615B-1000-00000000FC01}924C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:34.965{49C67628-FDEB-615B-0D00-00000000FC01}7762624C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1500-00000000FC01}104C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000006943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:34.778{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD497810AC3D709E29E9ACBD31761340,SHA256=D890D6A3B25A4C0E4880D1262B196BE891287D49892C89FB3EED449AAD9782FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:35.778{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B516653E05B35A72B59156E72190216F,SHA256=42457B88C8239DB451644B55E7F81352FA0FFFA9933980E0AC9DBDF84CFBA74A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:35.793{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-020MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:35.070{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FE7A0D4C8FB77FBDBD0F5CEC1A49969,SHA256=265A6D948AC14B4BE720E6650BA3AA60328ECB0A3980DE42DE2F800AA933784A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:36.778{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53465D6F9EF635D7550D578E8D3040AB,SHA256=4CCB38AD4D2F3B8FD5FA6A157A901144C7A7A012EB2C1104C10104E2FC3172F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:36.807{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-021MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:36.165{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=976CD03C585D8B886DA8C271C4E3D92D,SHA256=4FBD099B5D4753E54B0E5FA0823168D51FEC5493C1D9D822929A0070C1532FD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:37.179{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E4435150A7AFF9F424FD9A62716EEA,SHA256=E13810D764043E782C1499FA746BC20A799D71BE681EB81AB0322FF2F3275B04,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:36.184{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49855-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000006950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:38.017{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D7D7D72D505633AE280F85B030BEEB8,SHA256=A7C43DADE75D5F90A565DD76E8AD1F706265359F22B397B76F2E3DC306C24BD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:38.671{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:38.187{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E017C0A75B8D6D9C5AC61363F569CA30,SHA256=586E924CC2015EAF0308721D8C54944B6062BD1AFF005806AB86C50AE6BEB66F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:39.064{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F7BF458ED54A2560E5A2A0A2CEC03F8,SHA256=2BA4BCBA0E164EAB1006AA55CAB081618AB3D7DEFE24A4E977D9C650C96BD25D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:39.218{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADE720F13072E203B071B54B0338A6DB,SHA256=EDDE30DC79C7ABEEA5C55013AF843A305A0836FBD57785CC32D3CB14750DDC70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:40.298{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BE21B90C25916BC2699F4A07896A2C7,SHA256=B4BDFD86691FFDF10C5EBA6B79EB131F8B2735ACABAD76ED6A31D68B73460CBF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:38.264{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61891-false10.0.1.12-8089- 354300x800000000000000022556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:37.732{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61890-false10.0.1.12-8000- 23542300x800000000000000022555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.437{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=678CBB14B33EAE9E8A7DCE356E0B35B0,SHA256=91333C0AE9888540F64AF63EA457C013F9F78DA568B2884C785FA3C754D69C0C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-013C-615C-0505-00000000FB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-013C-615C-0505-00000000FB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.343{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-013C-615C-0505-00000000FB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:40.344{6EDEAD03-013C-615C-0505-00000000FB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:41.517{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E33EB07A53526C390D646655E1CB4EB,SHA256=409EE7073A32E8A974F8D3D9D294F9F35CF726E2F1838C00F9822FE374213325,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-013D-615C-0705-00000000FB01}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-013D-615C-0705-00000000FB01}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.593{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-013D-615C-0705-00000000FB01}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.594{6EDEAD03-013D-615C-0705-00000000FB01}1916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.577{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8E87E919BD544EFAAB6D9105477F134,SHA256=FA87EF2E6AD01BBBB1EDDFC2F384F8B0AF15B60762614C54E9B8CFBD890A7B2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.577{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0BE7FCC4B0870540BE0AB5C56D0C37D7,SHA256=6D489ECCCFC55D8EC77254ECC37A0650FAFCD973B4191DD0065E340914037C08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.452{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E849EC478FE290A5491AFC64AF6429C,SHA256=4044ADF96D9374C69A2196860DC722CB9308AF83E587A1CAFEF5E2E4C4B924B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.187{6EDEAD03-013D-615C-0605-00000000FB01}60766992C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-013D-615C-0605-00000000FB01}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-013D-615C-0605-00000000FB01}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-013D-615C-0605-00000000FB01}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:41.015{6EDEAD03-013D-615C-0605-00000000FB01}6076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:42.970{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:42.673{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96630CE29D3377FA8F76BF50B954F210,SHA256=5E4219788814A36D95968F4844DA9342892F5D41C763DDB4C3EC9F8925F03604,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.702{6EDEAD03-013E-615C-0805-00000000FB01}18881892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.624{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8E87E919BD544EFAAB6D9105477F134,SHA256=FA87EF2E6AD01BBBB1EDDFC2F384F8B0AF15B60762614C54E9B8CFBD890A7B2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-013E-615C-0805-00000000FB01}1888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-013E-615C-0805-00000000FB01}1888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.546{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-013E-615C-0805-00000000FB01}1888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.547{6EDEAD03-013E-615C-0805-00000000FB01}1888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:42.468{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3F690E25F9174FD4976B8FF6163AED5,SHA256=87873A77577D434390EB2AEB296CE04A74E10D023F09ADFB3F046C89AE2943A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000006956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:43.798{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B2A7D3485D38D79C3172D5B0707DA51,SHA256=F597FCF72F285B7B7790273E1B51A7AAC77658DC4B0DA42F19BE77758C8A7DDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.530{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=968F531FACC507BC35A63CEA8E846B35,SHA256=AB11CEE19029F222ABB227EAA7AC65BD5365FA64DC5BA21AD88B2CBF857F6706,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.405{6EDEAD03-013F-615C-0905-00000000FB01}69683596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-013F-615C-0905-00000000FB01}6968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-013F-615C-0905-00000000FB01}6968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.218{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-013F-615C-0905-00000000FB01}6968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.219{6EDEAD03-013F-615C-0905-00000000FB01}6968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000006971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0140-615C-3901-00000000FC01}3000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0140-615C-3901-00000000FC01}3000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.892{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0140-615C-3901-00000000FC01}3000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.893{49C67628-0140-615C-3901-00000000FC01}3000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000006958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:44.830{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3185ED9625CBAB8470B61F672244C9DC,SHA256=79E990A422A4978FAAF19B7EF64C00133BFC7EA525EC61F468F9116FB4E44149,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0140-615C-0B05-00000000FB01}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0140-615C-0B05-00000000FB01}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.593{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0140-615C-0B05-00000000FB01}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.594{6EDEAD03-0140-615C-0B05-00000000FB01}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.546{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2ADD98B05BFD0AD95EEAE6D0BF49C4E,SHA256=8DAEDDDEE2796A5A8F030DBA59BD8AF327508D43BC1E29A2DF2DDE46AA65309E,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:42.204{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49856-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000022608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.280{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=18355E03210162A721E48068C4D3DA13,SHA256=D6AF39B67D46766AFA0AAB6235A26102A6BC3B2D3F9FF9DF1E40CE0705B26010,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.218{6EDEAD03-0140-615C-0A05-00000000FB01}35886840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0140-615C-0A05-00000000FB01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0140-615C-0A05-00000000FB01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0140-615C-0A05-00000000FB01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000022599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:44.062{6EDEAD03-0140-615C-0A05-00000000FB01}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:45.733{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9179CF117B8EB9BAC779B1EC63539FB1,SHA256=5D0DEFC1FB448627C55B368AEF934C500823F8F26166E902F9EC016A89A6C237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:45.671{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=791A172CA39CE056D6F421D64E81C701,SHA256=3F9AF19040DDC6266ACFA50283AAFB01EB760BAB607125B28B990926A958F295,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000006986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:42.986{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49857-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x80000000000000006985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.548{49C67628-0141-615C-3A01-00000000FC01}40242716C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0141-615C-3A01-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0141-615C-3A01-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.392{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0141-615C-3A01-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:45.393{49C67628-0141-615C-3A01-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000022621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:46.749{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5B8E2C2EA927DB3A772FB034AB58C6C,SHA256=8DC0CDA518ADF3E14D4BE9DEE3A9A6C7CB372C456E7F55E065E870DF24B83328,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.236{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=052570D7F8447143679AC17554DE4313,SHA256=8D551BBA650BB2B240B213CB7C49EF45E27B8CE0AAB9C65F84030EFC57DD571B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.236{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4572EF2CAAC0CEA57CE117B81FBDF78,SHA256=42BBA2A649C966785CADAB6653280C71FBF95B4190C3E78AEB8B0A56E6DD39CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.236{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9AC747C96AD6C17D6DE33366362A5110,SHA256=1871E5E3E8A4FF720C7C40ADE3895C1FDE003953A275FECAC68B1A179F932939,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000006999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0142-615C-3B01-00000000FC01}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000006989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0142-615C-3B01-00000000FC01}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000006988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.064{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0142-615C-3B01-00000000FC01}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000006987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:46.065{49C67628-0142-615C-3B01-00000000FC01}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000022620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:43.686{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61892-false10.0.1.12-8000- 23542300x800000000000000022622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:47.765{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32D9A19F53E63ABCB2B98A7EAEB78487,SHA256=004AF6E9C7640EED633CC65E8A8D9C6A2184067CB14AF7437566B6F86156152D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000007018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.345{49C67628-0143-615C-3C01-00000000FC01}30443996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0143-615C-3C01-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0143-615C-3C01-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000007006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.173{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0143-615C-3C01-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000007005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.174{49C67628-0143-615C-3C01-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000007004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.095{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB8E5D278D9666EDDC66FBDA40789FB8,SHA256=E0435DA70CB05634E09CE220561B08B02F32F1643D0C74ECBB61E6E64A0B4334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:47.080{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=052570D7F8447143679AC17554DE4313,SHA256=8D551BBA650BB2B240B213CB7C49EF45E27B8CE0AAB9C65F84030EFC57DD571B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:48.780{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7203DDCCDF790C2B47F3D4A867F7069E,SHA256=7BFF68003231B9B38780E4B901E04A21F2D1E8704FEBB0A4BD57A65653E9F4F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000007047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0144-615C-3E01-00000000FC01}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0144-615C-3E01-00000000FC01}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000007036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.939{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0144-615C-3E01-00000000FC01}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000007035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.940{49C67628-0144-615C-3E01-00000000FC01}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x80000000000000007034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.439{49C67628-0144-615C-3D01-00000000FC01}21083428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0144-615C-3D01-00000000FC01}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0144-615C-3D01-00000000FC01}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000007022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.267{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0144-615C-3D01-00000000FC01}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000007021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.268{49C67628-0144-615C-3D01-00000000FC01}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000007020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.205{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE6A8ECC8914721C5D75B37199B5CBFF,SHA256=374C052468BA0F41D18D775A0AB4CF14C4D1A691606F7352F5079EF561B8BFCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.095{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9A4726CE36C7BD339E0ECDE992500AE,SHA256=4A1568293A8BEA4A0794BC0D46780C399525334975D1FDC321EF124BFBCF9839,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:47.986{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255-138netbios-dgmfalse10.0.1.14win-dc-676.attackrange.local138netbios-dgm 354300x800000000000000022625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:47.986{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local138netbios-dgmfalse10.0.1.255-138netbios-dgm 23542300x800000000000000022624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:49.827{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7D6C744BD10A8F74F71BE216165C8DD,SHA256=710BA1F91BEE1EFC931ED30D5255A69489177E92DA26D84E6C287ED368B0433A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:48.158{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49858-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x80000000000000007063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0145-615C-3F01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0C00-00000000FC01}728760C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000007053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0145-615C-3F01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000007052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.767{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0145-615C-3F01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000007051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.768{49C67628-0145-615C-3F01-00000000FC01}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x80000000000000007050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.267{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A6E5A89F4C3BEDA62CE637F5046434E,SHA256=0AAC5B26FC4B46EC24345B1934628D5CEF0885B0467DC2C9C6C5578F8A9FF915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.189{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F358A506D7B2FC2AA4FBBF317BF60BD0,SHA256=ABDB4A193CC7B18BEAB937D00DD309B592873C237555D575AF511F7EA576487C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000007048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:49.142{49C67628-0144-615C-3E01-00000000FC01}24763188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000022628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:50.827{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C52BF8D29098C871F0B9EAEF46139D9,SHA256=FF2D83B3BB635EE434E2DBDFB43774811608A35BC66413B80E95588F3388D44C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:50.798{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A034E52407E6350A2B1FB467200CA545,SHA256=9650B32A8C25613FA4609ABE3E2F7FA2D7DD8E5884353B89286BFA39ECEB787A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:50.283{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25C61CD47D978A0A2A9E0477E843AF8A,SHA256=3DB20CFB9288860B77716036F5D3BADB86AB614A604AF325C4A32135E45E9C76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:50.374{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=4B3B41C74C6DB9269A1174693CCA70CF,SHA256=C5F397E98A832C52D979AABAF5BFFEDE00BEA03952068DD60631002B13F24DB4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:48.857{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61893-false10.0.1.12-8000- 23542300x800000000000000022629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:51.843{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE9E40589907E17C66F6068E118D6C1F,SHA256=3D89C6CDD9E59A193E6077058AF43B482B5E3FE01DF853F168415ACF1B58DC3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:51.517{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E06E651F7213AD0384D5BE81F9FAC46E,SHA256=F51C1A019B616C6DCDA6E45482518F511B713F717F7C890A0B96CE8B1F1C8632,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:52.859{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19B42DDA4C9F4BE7E627D1C0961B4D43,SHA256=95BA17837C6642D13098EA06878D651E8C436F54E78CCEF5DF724A93B16675F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:52.752{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D1CDD92CF374F7305EE947E708E29EB,SHA256=9518D98EAD358AEF275BCE6413CADEEC0DD825A95FE85CE16077F3D316FB4DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:53.767{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0FCE20DF2AC30D26852FEFE74B484E1,SHA256=312063D9018FFB6E08D8574F1291E75822D02920785CBBEF4007030F3BE4CE53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:53.874{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DB72A050F2299C1E36676BBAE78732C,SHA256=45BD0C349E09F43A4C822036AF58DEAAB5D325F51083C01D7E436C08875458AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:54.896{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BE03B9D558BBCA21F3565A2638AEB61,SHA256=19929FDC83BCF319A3843C408ADC242252BA6F3D10CCBF5F6226C213C8AFFA5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:54.890{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CCAC170F1D427B0C7D0740CE224A0DD,SHA256=5B1DC07CD31F0AD725DEC643FBE4622BDA2AC608F8EC73CD02796C7AD61A77D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:54.520{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-013MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:55.910{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFA8572BD980642377553A27A7D2A295,SHA256=D6328B2B2B3346D6B48618F5C162B4E5862EEF179554F6234E9BBDFE3AF004B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:55.937{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1475876086F0707B0E6E2119ADAC7BC2,SHA256=72C08A0CEE94AA15BF043BDD511859C1B13D8021C08AC468641272CED805A4D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:53.189{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49859-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:55.523{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-014MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:56.912{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8DC60F57758779880D6B41B32E41900,SHA256=E29BF662F04AB9BF455877AA36B8832C6CF66DC327F51C7D90A9C266C5BC567B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:56.343{6EDEAD03-FC1D-615B-0D00-00000000FB01}9084776C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-EF02-00000000FB01}4920C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x80000000000000007076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:57.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB66FCBD42379A62300DF1D7AC041AD7,SHA256=89E87B96D4E5AB9ACDB036608B85BCC3C3BEBFD737598A34248303DEE41E2665,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000022640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 07:39:57.745{6EDEAD03-FC1D-615B-1100-00000000FB01}480C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b9bc-0x322bf919) 354300x800000000000000022639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:55.298{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58495- 354300x800000000000000022638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:55.297{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57090- 354300x800000000000000022637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:54.623{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61894-false10.0.1.12-8000- 23542300x800000000000000022636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:57.015{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A1ACC4018658E43DD9992BF9B739D48,SHA256=BA5B8A72F4E6F12A3C1598A0DFF46666D5923E337ABE416A4EC8CC3279CE5E1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:58.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CD2EB66B0C07CBF90064CC1DB76C64B,SHA256=174ED7A92FA6A02AF490BADE6D9EACDB37C3712421B0D4A3FC988FED2ED24F8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:58.198{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6E47424C346B61583F1FAE3EE5672B8,SHA256=690C99CD80220D151E848880F559EE1F02ECEE92839F8AF7EED571182914C4D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:59.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=920086EB15A676B4C9484C00B9C5DA96,SHA256=AE008174290AEEDF8E17E9EB02EA066A7762BCE265E883F918CE1E3FB988B481,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:59.354{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33A849702C64A4EB1E23B189B78867FA,SHA256=4D776F29610BA3010C26FC91EBC532B0F762D3EC6D0667E60F2961E120D19DE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:00.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932CBF83269ABB215ED44E31973EBA75,SHA256=F30B893E8E2F77619A1921164AF143F71D13EEBB151CB80D6099BD75E9A8C65D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:00.448{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0217BADC3C1537E838616710BD3F1A1,SHA256=56A9C6F126073ED9230507187E06B58E8A3F1A9E89B2CEE1D6223613997AD71B,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:39:59.061{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49860-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:01.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1067571EA396F68EFFB1200484A770F,SHA256=EC8B6B47181503CDCA0E82B352DBE6E847757508334820F8F4F51781441A1C15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:01.448{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DA179EE1939B74F76793250A796B23C,SHA256=A6CFCC8303EBF681FAA0FD0889BB8BC9A8401B7A2DB8986F3D0C8141358F5B87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:02.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF6A18A1957F1958140AB537CA661984,SHA256=121812E439D13186FECD218D34019C9D5752F1CEE6D3BBDBB99DDBC26570E3EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:02.479{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9928EF56A56495D2545B7E18B960763C,SHA256=ED8F214274D076EB5896940DF9D453B900019AF8D11921BABDAA810789EF7FE8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:39:59.634{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61895-false10.0.1.12-8000- 23542300x80000000000000007083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:03.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00E79206DCE0FC43CC460D3E2E6466CB,SHA256=032F788FB4B35B47A6542E4D48627B81C880389D4313D10EDE34E7583F749259,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:03.495{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82ED1ADB89102195E06DECE7E357B1F2,SHA256=A83FD609E1D0DE68F7143B457E9A5E80AC975DEEC4D3C550519912C01AA71557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:04.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5015D9528746C42C2A1761BDFC35670F,SHA256=F51FA0A873F4FFE1644827D2FE0C4975FC4183952BFADC33CF24DB52A28985CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:04.526{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23ABD08AE243F887E8A6DB714C1E9FD6,SHA256=075B8C84E355AAE96352E00C0B2440E0A7BF3A1CB4FFB7851B5AE0E3C3966C4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:05.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D03571588540D285712F943077BB512,SHA256=2819617119069E2962BA746BD82818BA73CA9B1F8EC2DA80A7BF2FAAA240222E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:05.557{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C1DE8E36203389A360330860FFC81B6,SHA256=9FD7BD79100207BD8B6DB59AA7DAB6DC29334C1E8BACE2B66F9AA358A01F4436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:06.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EF5ED858DFC5EA9E12B17024607679B,SHA256=DEE87346C15A7A83D97F4F72C386FC998DF3240C7DADD86482144214506CFEF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:06.588{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B004A9517163DC1ED72A89C200958828,SHA256=7BE62D511244F2467C799D6B30065C0C9175CDE23ECA9AAD3EC4AE4844E7576A,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:04.202{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49861-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:07.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC0DD7E2DDD15E5E8293ED5DA7FF90D6,SHA256=767679A0A97ABCCE4C381FDE864852353B47B84590AA84DCB989235EBD5EB9D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:07.588{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79FEE2D4AA93F0DB5D31E6529824C113,SHA256=AD57E8768071F077E0FDA6492B2623A5403975181CD65D53EDC970E4DA3DE25C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:04.743{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61896-false10.0.1.12-8000- 23542300x80000000000000007089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:08.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=256FD93DAED9B7FF3E707242ED2B922F,SHA256=61091577D2437AF9BA54A6B52AA005D24D8F5B65E969FF17C4EBD1E5AC57BEFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:08.604{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=288709943A36D3D23A89B0D937ACCCD9,SHA256=277294733BA1E22B9A3F874B1CFC95E4F83306A27179FC099171F1E073E7D39B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:09.921{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B824429FCD9223763312F2C082EC0505,SHA256=83B6FB827961A91D42792F406DA64A735DEAE7100E40373152A959B8A3C72DCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:09.620{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E0E4133358EFCDA0790EEDA2F473A2C,SHA256=1F24E8F0831B32BA3C24869DA7AFF370A95C6351B5BE67E65AA9DC281A16818F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:10.936{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B869E9946F9F1D3FA171A91BC18CC0A8,SHA256=5576888020134072DF6A64839D54221962C65309740334E497F5C06DFE012347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:10.635{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADD05DF4095F11BC2496984C3294C4CE,SHA256=06487E941BF42B375506886A17C89E8FA727C98A59248C719C2FE007616EBF03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:11.952{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44EAE758477BEE1AAD78CF9048082996,SHA256=7659E51F17B1E6592BB0A24430A6086E87FE9CA391AD3FE3F46B663C3CF9FAA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:11.635{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0B7291ABB5DE9345F6604582905C9EF,SHA256=72BB715A7138684FF6B3E28D189101B0E59AE02E140E2F80565A45BF676BB872,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:12.952{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50FDDECA8C58DA4C0F30E778F65C5B5C,SHA256=D22D03DC30CD6ED1F42F2402101DC025571C46F1E0CFC5B61004C4605A023665,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:12.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=795C0CE8C67160F2430D300CB59925DA,SHA256=8767AEAD0D2D384E25C1A1D57B6418F98873CA091B0F01FF17743760A35F4530,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:10.124{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49862-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:13.968{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=032744DBA9CFADE2AB385530E01AE3CD,SHA256=3EFA5CFFB92B113F51272754CE0B75704BA43DC7738DE92746F8FF73CEDF4DEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:13.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=075567CEE2A926F5A67A47CB47372B57,SHA256=3E1DF9B56D735FB1F1C4BC648762933030CF1DB563B52654D762232780D8AA6C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:10.728{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61897-false10.0.1.12-8000- 23542300x80000000000000007096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:14.968{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F07C4E9991BEF0E612B5F118CDEA00D,SHA256=AEAEE963D4D419A9AC7E358FD237C1E04A80031D534824C5115E7F3AEA57DA56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:14.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=604BC8CD672E78DE996CEA695DCCE558,SHA256=C8A3BBE89483D7DA148ACA0B7524FC12671B616E07C5AE8DA300C36486D82FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:15.983{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=312EF6DD801E6AC3CF26C1C744A2B27E,SHA256=51363F48D37033989AD7E6989DD620CC6D8B59FF30FB50A4B6F1A9546FE46557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:15.729{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19A0D36B676FDA70CF1299CE1CAD3C57,SHA256=B17E6B7EB0E76D627B91EAC599F91689577BDFC7A3127D546C3D5DB2795E24CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:16.983{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07FBFCE2455BAFEC4B5BCF72BFD3DEC1,SHA256=1D74F9FB53B2D8DE25DD8F29C2E7642A0B0CC11FC6FAB090FD5F83F38631C992,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:16.729{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=783B9556F3FBC1068484F22C782C02EE,SHA256=BF923A509C551E1A59EF331A224F6F7100F25D4892761003251BB79C90D81185,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:17.987{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AB47D6954C82FFF22E88D5EA690EF07,SHA256=73615BDFDDF1A7B9DCCA7EEFDCA907F77344249C6FD69DF3FD1A8F8F17D7E7D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:17.967{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDFAA8E62A9CC2561CB3D9BCFA15ACE2,SHA256=51AD96A9765DCA693D5C0D73159806DC66CF784171E8DB609112E61835BEA3ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:15.265{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49863-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000022664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:17.292{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2298E7FEF38790D382D98E21E3E63869,SHA256=44EA053C67B09B9438A252BBD4255488A7BFFB4125479835D97F91D4438D6DAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:17.292{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C0255D630EB1BDEA7FBB74ECAF128825,SHA256=D2D99853520046E92245F020857EFD8596657569C437238687BA8D542ABA4517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:18.987{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFF2F952C33B78B1BDEA8751711734B4,SHA256=63DDAC5AAB35533F9E324B91F5A9FDD633B9535A0D64E78A758593D18BA6CBA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:18.983{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9175A67F71180FC661A30DC8320981BA,SHA256=D690ABCBEA74E1D4940F5BDEF742B192127F6F68C1122094306AE46DA0CC66D5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:15.900{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61898-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000022666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:15.900{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61898-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000022669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:16.712{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61899-false10.0.1.12-8000- 23542300x800000000000000022670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:19.999{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F3ECFD99FABB98216088EF595A32313,SHA256=9EEE142AAED3DC1057A4E613852B4512AACFFFA70273468F5E07C08A1E1377BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:20.003{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A2E008F3CF08CCDA21FE929E203FA80,SHA256=F862367ED6844CA624D7499CA9F45E15AA82E0E3819AF554EBE14C66059A2895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:21.003{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07232D7EC7529CDD25E3C4D9C237F63F,SHA256=6AA5D92DBAE722777F8F4D63A2EAB61EA1E318B797F29D9756C26CE40CEF1E42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:20.999{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C4C0D6FCDCD96629DAC2497536B71C6,SHA256=ABBCB44D7993CE095BC98108336960A37C3F2874E3ED549F550209347B3F8903,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:21.159{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49864-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:22.018{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F4D51897D37EF86CC9837771CA90CE2,SHA256=2DBD86A902EEBE88B41171C1D2BF06BE9DF238641006C70ECB8F9542C23B1662,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:21.999{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9609E2867149634564A84EC667FA11E8,SHA256=24DA12935CC8C6E20FE7F314C8A37CB9C2A00D6C7BF38BD1AE11ECB8B250767B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:23.018{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DA01F34A4221181A1F970C6EF7FFC16,SHA256=E368C42122ED9DEC0F6B88DBFFD99518C9E405962EB60B3EF0E03F59D19E8CA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:21.732{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61900-false10.0.1.12-8000- 23542300x800000000000000022673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:22.999{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=419417269A1E82250031D2C23DAAF92A,SHA256=D07D27E849D7B741C1A78A3E85DF4E8023906DD5027457FCD5CD9F44EFF3A08C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:24.253{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E7A3542EE50F51FE925A75847594BCB,SHA256=5097BBBDE6E7D3CFA2C8EA5918954B8DBCB1B91036ADB60E7E74DE07751B032F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:23.999{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C53B7BFBD567C6DF39115F38D959418,SHA256=56425129511C89C4BD2E3D81201C49CA27ACE3764BD07D5F037691B5C401E128,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:25.347{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16F5E0F8AA30D8BD4D92F5AD880726AF,SHA256=A196A2F4DC86E4717FF35DC02CD14A789AC2ECA31EC44E55F0B60EA98CCF0ED4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:25.014{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA24F40C3E89D2DC539D22D295E149B6,SHA256=08765A5D6A836B048509F8BCBD08ABA1100FEB9E29733CF3E637ABA8448060C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:26.565{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B495C698F277A8819719AE47960BBE1F,SHA256=EE97F6667BF08C035FB3B67C1DCD54E5086847B9803053BFDEA01C8E4922F0EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:26.030{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D01D2A164EDBA09AD85FAAEBC67E24BB,SHA256=0DF6EA3EAF0D891F3A6A528F9AF18E197B6831CDF46BAC999C18C5E48171ADE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:27.800{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=082B123395CD6A81B43854A7A9E5D3AB,SHA256=94F49373A047F386BF5C2D09B9593CC477D5276E58F73CF15A03D9C50050003C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:27.030{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0615D574718E2A894F966C72CF1367B6,SHA256=0F2B6F104F8CEB8B85401EB850698557286785B3392E4640E5D696540A1D8CBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:28.800{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5348BC5D33428C5307BBE1AA9CC4121,SHA256=4B4BCEA0AC2B55DAE84A4322B3AB2E4C7010C76915536E4A758BBCF2F07C9CCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:28.030{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54ACD8C5CAAEE8778A6C3DB45F2EF791,SHA256=E0AC6D6A6ACC1BBD6EF88681EDD82F619752324A1E988AF649D7C9A2BBF12C63,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:27.175{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49865-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000022681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:27.669{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61901-false10.0.1.12-8000- 23542300x800000000000000022680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:29.046{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2FA189B023ED457B562C0F3949D2BAE,SHA256=5018C796F85DD3EDCAF903D2948044EFAEFD93BCD2D1ABA25036DA4B11CC6AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:30.034{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4DC20737551EA51A3E9EC966EF7D1D3,SHA256=DC4F6821222D385F44865503EF77DC8E00A288DC45ADE07747BB6C384E7C8639,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:30.061{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=865FDEC4CB1287D9E5B0E0C5FB460F37,SHA256=8BC8C450D67F22F68C5DDA36BB16396138C5BE3C8FC2C50FECAE375C73CDA19B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:31.065{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=525B8C20864DB8CA989D16BF09BDEFA5,SHA256=B0A746C05F99570712C96E7222F08D4039525766E3B0915348FCD276B36ED268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:31.077{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=882B91946F27F1307A6DEBE6EC022AA3,SHA256=5032729837F83189DB3EF56AC91739FA27892357BAAFDE212A5987E4CDA8FC63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:32.092{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5BA43B9414FCAD3F4DEDC98CEB51418,SHA256=A2C87CC580B262984C69BE694FAAD7B1A5634B187CD28E6C9289383FC48CA3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:32.143{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E8B793175B06DC450B55C6AF5784597F,SHA256=13EDDC674ED6746B5436DC4DAEC3E0E03EBFCE1E9F290B0419147C9C6F455FC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:32.081{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53BCA27494F055762CFA25D176487A18,SHA256=91E928F9B50E07C816CDE9963089AACCAD682D70D1D39500A17B7BBCD385FABB,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:32.238{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49866-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:33.081{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04785A5ECB106BAF17FED5D542D3B3D3,SHA256=2F8C949C6997C009B09B6F8D75630353818AB2F2147CBDD3C7F66C28BE4BDF40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:33.108{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5476F448A792AA95BF44F31907CDAD95,SHA256=B436675F1F2CFA55D525C72E30FE981E410CD1BF2D2F416E36DD51B67E0A0D36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:34.081{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20920D98DCBC540E877972EF9EBB1C9E,SHA256=DF9AE9D9C14388F11A5183EB10AAF80B086AD8363D8141FB63F987CB6C03C06F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000022687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:32.841{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local61902-false10.0.1.12-8000- 23542300x800000000000000022686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:34.124{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33BB7B229F58E2CCA77FCF4AEC240CCC,SHA256=80B558A8CCA0DA22960A97CF9367B4E51F4394948F901FE764F2FB2BEE830D1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:35.094{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=909B0E79B2EA727EE837671425CEBA40,SHA256=E24A98D185283F1980BDBAA0B507E50E0CB21C75C0124645B615754B28C1F38F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:35.124{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F45BAA5D26903642EDE83CDCAA549487,SHA256=A41A0DB8D5D04DDC8A6664EF7E3CED0BBFCB30D65573C7C1DCAB84A27968C6A4,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:35.093{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49870-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000007124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:34.965{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49869-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000007123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:34.927{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49868-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000007122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:34.926{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49867-false169.254.169.254instance-data.eu-central-1.compute.internal80http 23542300x80000000000000007121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:36.094{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7329D2B9D19ED0C3B5219952373543B5,SHA256=C11F00A4E64949E32DBE814FD4918DF78149D9C59331F9C4D9170B657052148E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:36.139{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A4E0D38FFEFEADFDB0614B483D591DA,SHA256=B4D6F46C2F7D72189D62C273F349333737E2EC88BC6F8508A36C7AE15BDE8AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:37.094{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22555201617F83C53726214896F6AE57,SHA256=A6CE2E294005CA2A7C20EF0A4C8E9426EB82BD8E7DF39B82F8E7C31FBAC3283F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:37.316{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-021MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:37.141{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14B6B7CE5B08967B4E90F1A7F682D9CE,SHA256=FB30AE997575F17ED35B72D001F0B33D1B5E44BBE03561812BD07EE00C739D12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000007127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:38.102{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD2368B334178A0552887BBC44640AFE,SHA256=894BC7DDF31732F74AE5205EE2223D5A82E8090EB7763309CA955B656D7279BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:38.690{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:38.317{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-022MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:38.144{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14D4ED88EBFA2C05CC556C5966D04D86,SHA256=06CFBA4C04085D044672AA4CCB3EDFECB9808EE1D8FDF49FF10715FDFB5A6109,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000007129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:38.149{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49871-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x80000000000000007128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 07:40:39.102{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37F2AA29FC304F46F5439F7DF9092524,SHA256=66005B6E6EF2E115219FD6891CD1B460F214C9F9AD0D78ACBBBD311774BDC086,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000022695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:39.146{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10CFE3E268275F8BC4EFE08F6E31F0DD,SHA256=0F1B80D9D791C1356A510D04B98393395BFD30C6FD977E1A57551145DCDBF2CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000022705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0178-615C-0C05-00000000FB01}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FC1D-615B-0C00-00000000FB01}848880C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000022700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0178-615C-0C05-00000000FB01}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000022699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 07:40:40.349{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0178-615C-0C05-00000000FB01}7056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+1